icon/x Created with Sketch.

Splunk Cookie Policy

We use our own and third-party cookies to provide you with a great online experience. We also use these cookies to improve our products and services, support our marketing campaigns, and advertise to you on our website and other websites. Some cookies may continue to collect information after you have left our website. Learn more (including how to update your settings) here.
Accept Cookie Policy

We are working on something new...

A Fresh New Splunkbase
We are designing a New Splunkbase to improve search and discoverability of apps. Check out our new and improved features like Categories and Collections. New Splunkbase is currently in preview mode, as it is under active development. We welcome you to navigate New Splunkbase and give us feedback.
Log4Shell Vulnerability: Information and guidance for you. Get resources.

Accept License Agreements

This app is provided by a third party and your right to use the app is in accordance with the license provided by that third-party licensor. Splunk is not responsible for any third-party apps and does not provide any warranty or support. If you have any questions, complaints or claims with respect to this app, please contact the licensor directly.

Thank You

Downloading NetFlow and SNMP Analytics for Splunk
SHA256 checksum (netflow-and-snmp-analytics-for-splunk_448.tgz) b28ddead6b06920696ada57a2416371b93fb63f5b7870278be06768498e5443b SHA256 checksum (netflow-and-snmp-analytics-for-splunk_443.tgz) 0c2fe670426402d6dc77096104c73a089657d057a3041720aab296fa3b53b28c SHA256 checksum (netflow-and-snmp-analytics-for-splunk_4312.tgz) 56392c621be3d561cdb06bf044ab41153f7e0410cd2579cc785f53ba5a6b2155 SHA256 checksum (netflow-and-snmp-analytics-for-splunk_434.tgz) 42b8cb669bc80f74b0d59cad3339acd921ae41a91099bd76caaf5d2bddc4de8e SHA256 checksum (netflow-and-snmp-analytics-for-splunk_4230.tgz) f99fcb28b128a616d009ea02ab836031c85554a8079a920c570d82a57f92ff67 SHA256 checksum (netflow-and-snmp-analytics-for-splunk_4120.tgz) e3abd5d39f1ce9f36cddfe61753d18324e8a14e59f89d8e7040b024d4a1f3399 SHA256 checksum (netflow-and-snmp-analytics-for-splunk_407.tgz) f8f00a42420307a219d49abf41c7dfac54493a4cc24fc55c5f04c7a546e59d24 SHA256 checksum (netflow-and-snmp-analytics-for-splunk_3934.tgz) 8b2b98ff8024b539398cdd7e83ed4c6fd54e4b80d6e701b9c943803ac9d096e2 SHA256 checksum (netflow-and-snmp-analytics-for-splunk_3925.tgz) 73e8259a84989eec819b031283dac7d34e8f5b5baf7fbb11b783e3db016cd0f1 SHA256 checksum (netflow-and-snmp-analytics-for-splunk_388.tgz) 1117af3560921f37797844bd3eb6bfb5eb9998d19291a68b3e1099591a129c95
To install your download
For instructions specific to your download, click the Details tab after closing this window.

Flag As Inappropriate


NetFlow and SNMP Analytics for Splunk

Splunk Cloud
NetFlow and SNMP Analytics for Splunk App relies on flow data processed by NetFlow Optimizer™ (NFO) and enables you to analyze it using Splunk® Enterprise or Splunk® Cloud.

Use this App for network traffic monitoring of your cloud (AWS, Microsoft Azure, or Google) or on-premises infrastructure.

This App should be installed on servers acting as search head.

Before installing this App, please install the Technology Add-on for NetFlow (TA-netflow) on your search heads, indexers, and forwarders. To download TA-netflow please visit https://splunkbase.splunk.com/app/1838/

This version of the App is compatible with TA-netflow version 4.4.2 or higher.

This solution:

* Supports NetFlow v5, v9, sFlow, IPFIX, Cisco ASA NSEL, Cisco HSL, Cisco AVC, Juniper J-Flow, Palo Alto Networks NetFlow, Citrix AppFlow
* Supports cloud flow logs: AWS VPC Flow Logs, Google Cloud VPC Flow Logs, Microsoft Azure NSG Flow Logs
* Supports SNMP polling and SNMP traps (v2c and v3)
* Enriches flow data with DNS names, VM names, Cloud virtual network names, GeoIP, IP Reputation, Applications, User identity
* Reports bidirectional network conversations and their duration
* Shows overloaded network devices interfaces
* Reports hosts communicating with bad actors
* Cost effective to deploy on all tiers of the network

Start Your Free Trial by registering at https://www.netflowlogic.com/download/

This App provides dashboards, reports, and alerts to address many use cases such as network bandwidth monitoring, capacity planning, detailed traffic activities, troubleshooting and cyber threats detection.

You need to have NetFlow Optimizer (NFO) software to process and feed data into this App. NFO supports NetFlow v5, v9, sFlow, IPFIX, J-Flow, Cisco ASA NSEL, Cisco HSL, Palo Alto Networks, and public cloud flows such as AWS and Google VPC Flow logs, Microsoft Azure NSG Flow logs.

Register for an evaluation at www.netflowlogic.com

NFO consumes and applies in-line analytics to summarize flows and send consolidated information into Splunk Enterprise or Splunk Cloud.

Further documentation can be found at:
NetFlow Analytics for Splunk User Manual

Release Notes

Version 4.4.8
Jan. 3, 2022

This is a maintenance release.
- Added deduplication to tstats dashboards
- Minor bug fixes

Version 4.4.3
Nov. 24, 2021
  • Added tstats version of various dashboards
  • Added metrics based dashboards
  • New dashboards
  • Network Conversations Top Applications and Users
  • Network Conversations Devices by Concurrent Connections
  • Minor bug fixes
Version 4.3.12
Sept. 28, 2021
  • New dashboards for Network Conversations Module (NFO 2.9)
  • Minor bug fixes
Version 4.3.4
Aug. 29, 2021
  • Updated for Splunk Cloud Compatibility (jQuery 3.5)
  • Added dashboards for Bidirectional and Unidirectional Network Conversations
  • Usability improvements
  • Bug fixes
Version 4.2.30
June 14, 2021
  • Added summary indexing (metrics based) and corresponding dashboards for large volumes of flow data (saved searches and dashboards)
  • Added several dashboards based on tstats command for better performance
  • Added SNMP based Interface Errors and Discards
  • Added Sankey view to several dashboards
  • Various cosmetic changes
  • Various bug fixes
Version 4.1.20
Oct. 6, 2020
  • Added dashboards for Microsoft Azure NSG Flow Logs
  • Added dashboards for Google Cloud VPC Flow Logs
  • Improved dashboards for Amazon AWS VPC Flow Logs
  • Added Security and ITOps alerts
  • Bug fixes
Version 4.0.7
Jan. 21, 2020

This version is compatible with TA for Netflow version 4.0.7 or higher (https://splunkbase.splunk.com/app/1838/)

  • Main menu restructuring
  • Performance improvement
  • Added NFO drop-down for customers running multiple instances of NFO
  • Added dashboards for Cisco Application Visibility Control (AVC) to monitor Applications and Users
  • Changed Traffic by Protocol and Port to report traffic by destination port based on IANA specification https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml
  • Added dashboard to view Interface Utilization with Traffic by ports, source/destination, CBQoS
  • Added dashboards for Amazon AWS VPC Flow Logs
  • Bug fixes
Version 3.9.34
July 17, 2019

This version is compatible with TA for Netflow version 3.9.34 or higher (https://splunkbase.splunk.com/app/1838/)

  • Added dashboards for NFO Module for VMware NSX Distributed Firewall (available in NFO 2.6)
  • Added searches for NetFlow Capture and Replay (available in NFO 2.6)
  • Bug fixes
Version 3.9.25
April 29, 2019

This version is compatible with TA for Netflow version 3.9.23 or higher (https://splunkbase.splunk.com/app/1838/)

  • Added support NetFlow data reported by multiple NetFlow Optimizer instances
  • Added alert for reporting interfaces with utilization over a certain threshold
  • Improved usability of network devices and interfaces utilization dashboards
  • Added ability to override interface speed reported via SNMP polling
  • Added Topology view to visualize network conversations
  • Added Bubble view to visualize hosts with most flows and destinations
  • Updated Autonomous System numbers lookup
  • Improved performance
  • Bug fixes
  • Changes to pass AppInspect
Version 3.8.8
June 28, 2018
  • New dashboards:
    • Microsegmentation Analyzer and Planning
    • Traffic Analyzer and Planning (based on my-subnets.csv lookup)
    • SNMP interface errors and discards
    • SNMP CISCO - latest memory/cpu values
  • Updated Cyber Threat Statistics dashboard (added custom thread feeds counter)
  • Bug fixes
  • Performance improvement

Subscribe Share

Are you a developer?

As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps from Splunk, our partners and our community. Find an app for most any data source and user need, or simply create your own with help from our developer portal.

Follow Us:
Splunk, Splunk>,Turn Data Into Doing, Data-to-Everything, and D2E are trademarks or registered trademarks of Splunk Inc. in the United States and other countries. All other brand names,product names,or trademarks belong to their respective owners.