
IxFlow

The IxFlow application for Splunk allows Ixia Application & Threat Intelligence Processor (ATIP) flow data to be indexed and reported in Splunk.

(This app has been tested in Splunk Enterprise 6.4 running on top of Ubuntu 14.04 64-bit Server.)

You can add the IxFlow App for Splunk via the 'Browse More Apps' section of the Splunk GUI, or by using the Splunk CLI.

The default listener port for IxFlow is UDP 4739. You may need to change this collection port in the IxFlow app to match the port number used by the Ixia ATIP (the IxFlow exporter). Other parameters, such as data rollover, can also be adjusted. To do so, edit the following file from the command line:
cd /opt/splunk/etc/apps/ixflow_app/bin
sudo nano ixflow.sh
Then run it:
sudo ./ixflow.sh

If you encounter the following error message after running ixflow.sh (directory ixflow-cap does not exist), create that directory and then run the script again. This is a known issue that sometimes occurs; it will be fixed in the next IxFlow app release.
cd /opt/splunk/etc/apps/ixflow_app
sudo mkdir ixflow-cap

The Ixia ATIP must be properly configured to generate and forward IxFlow (i.e. Ixia enhanced Netflow) records to the IxFlow App for Splunk. Please consult the Ixia ATIP documentation for details.

The entire list of fields we support is:
L7 Application Name - Application name, truncated at 128 characters.
Source IP Country Code - 2 Letter country code for the source IP address
Source IP Country Name - Country name for the source IP address. Truncated at 128 characters.
Source IP Region Code - 2 Letter region code for the source IP address
Source IP Region Name - Region name for the source IP address. Truncated at 128 characters.
Source IP City Name - City name for the source IP address. Truncated at 128 characters.
Source IP Latitude - Latitude for the source IP address
Source IP Longitude - Longitude for the source IP address
Destination IP Country Code - 2 Letter country code for the destination IP address. Truncated at 128 characters.
Destination IP Country Name - Country name for the destination IP address. Truncated at 128 characters.
Destination IP Region Code - 2 Letter region code for the destination IP address. Truncated at 128 characters.
Destination IP Region Name - Region name for the destination IP address. Truncated at 128 characters.
Destination IP City Name - City name for the destination IP address. Truncated at 128 characters.
Destination IP Latitude - Latitude for the destination IP address
Destination IP Longitude - Longitude for the destination IP address
OS Device Name - String containing OS name, truncated at 128 characters.
Browser Name - Unique Name for each browser type
Reverse Octet Delta Count - When exporting bidirectional flows, this field contains the byte count for the server back to the client side of the connection
Reverse Packet Delta Count - When exporting bidirectional flows, this field contains the packet count for the server back to the client side of the connection
SSL Connection Encryption Type - When SSL decryption is enabled, the encryption type:
'Encrypted' - flow encrypted and was not decrypted
'Decrypted' - flow encrypted and was decrypted by ATIP
'Cleartext' - flow not encrypted
SSL Encryption Cipher Name - For decrypted flows only, the name of the cipher used for decryption. Truncated at 128 characters.
SSL Encryption Key Length - For decrypted flows only, the bit length of the key used
User Agent - The user agent sent in the request HTTP header, truncated at 128 characters.
Host Name - The hostname field sent in the request HTTP header, truncated at 128 characters.
URI - The URI sent in the request HTTP header, truncated at 128 characters.
DNS - The DNS TXT field sent as part of a DNS request/response, truncated at 128 characters.
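
Because the text fields above are truncated at 128 characters, an exact-match lookup for a longer indicator never fires on them. The following is an added example, not part of the IxFlow app or this page's own material, showing one way to match indicators against the userAgent, hostName, URI and dnsTxt fields while accounting for that limit. The record layout (Python dicts), the helper names, and all sample values are assumptions constructed for illustration.

```python
TRUNCATE_AT = 128  # limit stated in the field list (assumed to count characters)
IOC_FIELDS = ("userAgent", "hostName", "URI", "dnsTxt")  # names from release 1.4.0


def normalize(field, value):
    # Host names are case-insensitive; the other fields are compared as-is.
    return value.lower() if field == "hostName" else value


def match_field(field, observed, indicator):
    """Return 'exact', 'truncated' or None for one field value."""
    if observed is None:
        return None
    obs, ind = normalize(field, observed), normalize(field, indicator)
    if obs == ind:
        return "exact"
    # A value of exactly 128 characters may have been cut by the exporter, so
    # an indicator longer than the limit can only ever appear as its prefix.
    if len(obs) == TRUNCATE_AT and len(ind) > TRUNCATE_AT and ind.startswith(obs):
        return "truncated"
    return None


def scan(records, indicators):
    """Return (record index, field, indicator, match kind) for every hit."""
    hits = []
    for i, rec in enumerate(records):
        for field in IOC_FIELDS:
            for ind in indicators.get(field, ()):
                kind = match_field(field, rec.get(field), ind)
                if kind:
                    hits.append((i, field, ind, kind))
    return hits


# Constructed sample data (hypothetical hosts and paths, not real indicators).
LONG_URI = "/files/" + "a" * 150 + "/item"
RECORDS = [
    {"hostName": "files.example.test", "URI": LONG_URI[:TRUNCATE_AT]},
    {"hostName": "www.example.org", "URI": "/index.html",
     "userAgent": "ExampleAgent/1.0"},
    {"hostName": "FILES.EXAMPLE.TEST", "URI": "/"},
]
INDICATORS = {"hostName": ["files.example.test"], "URI": [LONG_URI]}

if __name__ == "__main__":
    for hit in scan(RECORDS, INDICATORS):
        print(hit)
```

A "truncated" hit is weaker evidence than an "exact" one, since any value sharing the first 128 characters produces it; treat it as a lead to confirm against another source.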

Release Notes

Version 1.5.5
March 15, 2018

Release 1.5.5 improves stability and allows the log files to be deleted after Splunk ingests the events.

Version 1.4.0
July 7, 2016

The IxFlow application for Splunk allows Ixia Application & Threat Intelligence Processor (ATIP) flow data to be indexed and reported in Splunk.
Release 1.4.0 adds the 'Indicators of Compromise' fields:
- userAgent
- hostName
- URI
- dnsTxt

Supports:
Linux 64bit
Linux 32bit

See Details tab for further configuration notes

Version 1.1
June 29, 2015

The IxFlow application for Splunk allows Ixia Application & Threat Intelligence Processor (ATIP) flow data to be indexed and reported in Splunk.
Release 1.1 adds:
bgpSource
bgpDestination
observationDomainID
portID

Supports:
Linux 64bit
Linux 32bit
Mac OS X

Version 1.01
May 13, 2014

The IxFlow application for Splunk allows Ixia Application & Threat Intelligence Processor (ATIP) flow data to be indexed and reported in Splunk.

Supports:
Linux 64bit
Linux 32bit
Mac OS X

Version 1.0
May 9, 2014

The IxFlow application for Splunk allows Ixia Application & Threat Intelligence Processor (ATIP) flow data to be indexed and reported in Splunk.

1) Prerequisites: The app requires an Ixia NTO unit equipped with the new ATIP card. The Ixia ATIP generates the IxFlow (enhanced netflow) traffic that is indexed and reported on by the Splunk IxFlow application. The ATIP card requires Ixia NTO release 4.0.3 or newer. The Ixia ATIP must be configured with a netflow destination IP address of the Splunk server where the IxFlow application is installed. The Splunk server must be able to accept traffic on the netflow port number (by default UDP port 4739, but configurable on ATIP).

2) Target Platform: The IxFlow app is intended to be used with Splunk 6.0 or newer. The app is designed to run on Linux OS.

3) Installation: Install the app using the Splunk platform. Go to Manager -> Apps -> Install App from File, browse for the "ixflow_app.spl" file, and click Upload. The Splunk Framework detects that it needs to restart itself; click to restart Splunk. After installation, the app label is visible and the app can be run from the Splunk Platform "App" tab.

4) Configuration: The app starts with no settings required. However, the application parameters can be changed through the script configure.sh located in the folder $SPLUNK_HOME/etc/apps/ixflow_app. The most important changeable parameters include the UDP port number and the number of days to maintain logs.

5) Using the App: The following views are available in IxFlow:

a. Top Talkers Source / Dest IPs
b. Top Applications
c. Top Dynamic Apps
d. Top Browsers
e. Top Devices
f. Source/Destination Countries
g. Source/Destination Regions
h. Source/Destination Cities
i. Geographic Map

The time period for the data may be changed via the drop-down in the top left corner.

6) Troubleshooting: If the IxFlow app does not behave as expected, run or rerun the script ./configure.sh located in the folder $SPLUNK_HOME/etc/apps/ixflow_app.
