If you have switches, routers, or firewalls, Splunk Stream supports flow protocol data ingestion from network devices.

Validate your results by searching the configured index on your Splunk platform deployment.
Configure your NetFlow generator to send records to the new streamfwd.
Select only the INFRA_NETFLOW group and Create_Stream.
Select the index for this collection and click Enable, then click Next.
(Optional) Develop filters to reduce noise from high-traffic devices, then click Next.
(Optional) Deselect any fields that do not apply to your use case, then click Next.
Select No in the Aggregation box, then click Next.
The NetFlow option works for NetFlow, sFlow, jFlow, and IPFIX protocols.
Navigate to the Splunk App for Stream, then click Configuration > Configure Streams.
Enter the regular expression to match the streamforwarder_id or hostname of the "streamfwd" collectors that should participate in this group rule.
Navigate to the Splunk App for Stream, then click Configuration > Distributed Forwarder Management.
Log in to the search head where the Splunk App for Stream is installed.
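To validate the collector and index before pointing production devices at the new streamfwd, you can send a known NetFlow v5 record and then search for it. The following is an added example, not Splunk's code or part of the original page; the collector address, the UDP port 9995, and the sample flows (documentation address ranges) are assumptions to replace with your own values.

```python
import socket
import struct
import time

# NetFlow v5 wire format: 24-byte header followed by 48-byte flow records.
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")
# Constructed sample flows (documentation address ranges):
# (src, dst, src_port, dst_port, ip_proto, packets, octets)
SAMPLE_FLOWS = [("192.0.2.10", "198.51.100.20", 51514, 443, 6, 12, 4096),
                ("192.0.2.11", "198.51.100.53", 40000, 53, 17, 1, 76)]

def build_v5_packet(flows, uptime_ms=60_000, seq=0, now=None):
    """Pack flow tuples into one NetFlow v5 export datagram."""
    now = time.time() if now is None else now
    out = V5_HEADER.pack(5, len(flows), uptime_ms, int(now),
                         int((now % 1) * 1e9), seq, 0, 0, 0)
    for src, dst, sport, dport, proto, pkts, octets in flows:
        out += V5_RECORD.pack(
            socket.inet_aton(src), socket.inet_aton(dst),
            socket.inet_aton("0.0.0.0"),   # next hop
            0, 0,                          # input / output ifIndex
            pkts, octets,
            uptime_ms - 1000, uptime_ms,   # first / last seen (sysUptime, ms)
            sport, dport,
            0, 0, proto, 0,                # pad, TCP flags, IP protocol, ToS
            0, 0, 0, 0, 0)                 # src/dst AS, src/dst mask, pad
    return out

def parse_v5_packet(data):
    """Decode a datagram back to flow tuples; reject malformed input."""
    if len(data) < V5_HEADER.size:
        raise ValueError("shorter than a NetFlow v5 header")
    version, count = V5_HEADER.unpack_from(data)[:2]
    if version != 5 or len(data) != V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("not a well-formed NetFlow v5 datagram")
    flows = []
    for i in range(count):
        r = V5_RECORD.unpack_from(data, V5_HEADER.size + i * V5_RECORD.size)
        flows.append((socket.inet_ntoa(r[0]), socket.inet_ntoa(r[1]),
                      r[9], r[10], r[13], r[5], r[6]))
    return flows

def send_test_flows(host, port, flows=SAMPLE_FLOWS):
    """Send one test datagram over UDP; returns bytes sent."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(build_v5_packet(flows), (host, port))

if __name__ == "__main__":
    # Placeholder collector address and port: use your streamfwd's values.
    print(send_test_flows("127.0.0.1", 9995), "bytes sent")
```

If the collector, stream, and index are wired correctly, a search of the configured index for the sample source address 192.0.2.10 should return the test record.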