Splunk Add-on for NetFlow

Important: On March 18, 2019, this add-on has been deprecated and reached its End of Life on June 19, 2019. For more information about the end of availability and support for this add-on, see https://www.splunk.com/blog/2019/03/18/end-of-availability-splunk-built-apps-and-add-ons.html?April. The Splunk Add-on for NetFlow allows a Splunk® Enterprise administrator to receive and convert NetFlow streams from compatible network gear. The add-on maps the NetFlow data to the Common Information Model for use with CIM-compliant apps, such as the Splunk App for Enterprise Security and the Splunk App for PCI Compliance. The Splunk Add-on for NetFlow is based on the NFDUMP project. If you have NetFlow v10 data, see the Splunk Add-on for IPFIX. Sites using both NetFlow v5/v9 and IPFIX (v10) data may wish to use a combination of both add-ons, listening on different ports. This add-on must be installed on a Linux instance of Splunk Enterprise for data collection. The add-on is platform independent for indexers and search heads.