Skip to main content
Version: 2.10.1

Installing into a Distributed Splunk Environment

If you have Splunk distributed environment (separate search heads / indexers / forwarders), install V2P Network Visibility for Splunk App on search heads. Install Add-on on search heads and indexers/heavy forwarders.

There are three ways to ingest NetFlow Optimizer events into Splunk:

  1. NFO sends events directly to Splunk indexer
  2. NFO sends events directly to Splunk Universal Forwarder (they could be installed together or on separate machines)
  3. NFO sends events to syslog-ng or rsyslog, and Splunk Universal Forwarder sends them to Splunk indexers