Version: 2.10.1

Installing into a Single Splunk Server

Step 1: Install the App and Add-on

Step 2: Create the Splunk data input

Create the $SPLUNK_ROOT/etc/apps/TA-netflow/local/inputs.conf file, and add the following lines to it:
```
[udp://10514]
sourcetype = flowintegrator
```
By default NetFlow Optimizer events will be stored in main index. In case you want to use another index, for example flowintegrator, please create the $SPLUNK_ROOT/etc/apps/TA-netflow/local/indexes.conf file, and add the following lines to it:
```
[flowintegrator]
homePath    = $SPLUNK_DB/flowintegrator/nfi_traffic/db
coldPath    = $SPLUNK_DB/flowintegrator/nfi_traffic/colddb
thawedPath  = $SPLUNK_DB/flowintegrator/thaweddb
```
In that case make sure your $SPLUNK_ROOT/etc/apps/TA-netflow/local/inputs.conf file contains the following:
```
[udp://10514]
sourcetype = flowintegrator
index = flowintegrator
```
Also, in V2P Network Visibility for Splunk App (netflow_netops) you need to create $SPLUNK_ROOT/etc/apps/netflow_netops/local/macros.conf file contains the following. Edit this file to match your Splunk installation.
```
[netflow_index] 
definition = (index=main OR index=flowintegrator) sourcetype=flowintegrator
```
Restart Splunk