Overview

Details

Unleash Network Insights with NetFlow and SNMP Analytics for Splunk!

NetFlowLogic and Splunk deliver a powerful network traffic analysis solution. This collaboration empowers network and security analysts with real-time insights into your network infrastructure, both on-premises and across cloud platforms like AWS, Microsoft Azure, Oracle Cloud Infrastructure, and Google Cloud Platform.

The NetFlow and SNMP Analytics for Splunk App seamlessly integrates NetFlow Optimizer (NFO) with Splunk's industry-leading investigation and visualization capabilities. NFO processes various flow formats (NetFlow, sFlow, IPFIX) and cloud flow logs, transforming them into insightful, actionable data for Splunk. This empowers you to:

• Gain Comprehensive Visibility: Monitor network traffic across your entire infrastructure, including cloud deployments and on-premises networks.
• Simplify Security Analysis: Correlate application and user activity for faster and more accurate security investigations.
• Optimize Network Performance: Identify bottlenecks, optimize resource allocation, and proactively address potential congestion issues.
• Automate Workflows: Streamline network monitoring tasks and free up valuable IT resources for strategic initiatives.

Key Features:

• Supports industry-standard flow formats (NetFlow v5, v9, sFlow, IPFIX) and cloud flow logs (AWS, Azure, OCI, GCP).
• Provides real-time and historical network traffic analysis.
• Leverages SNMP polling and traps (v2c and v3) for comprehensive device health monitoring.
• Enriches flow data with context (DNS names, VM names, GeoIP, IP reputation, applications, user identity).
• Identifies overloaded network interfaces and potential security threats.
• Offers cost-effective deployment across your entire network infrastructure.

Download the NetFlow and SNMP Analytics for Splunk App and experience the power of unified network traffic analysis.

Overview

NetFlow Optimizer Integration: The NetFlow and SNMP Analytics for Splunk App works in tandem with NetFlow Optimizer (NFO) software, a powerful system that processes flow data (NetFlow, sFlow, IPFIX, etc.) and cloud flow logs before feeding them into Splunk for analysis. This is illustrated in the following diagram.

Technical Specifications

• Supported Flow Formats: NetFlow v5, v9, sFlow, IPFIX, JFlow, AppFlow, etc.
• Supported Cloud Platforms: AWS VPC Flow Logs, Google Cloud VPC Flow Logs, Microsoft Azure NSG Flow Logs
• Supported SNMP Versions: v2c, v3

Data Enrichment

NFO enriches flow data with valuable context to enhance your analysis. This includes:
• DNS Names: Identify applications and services utilizing the network.
• VM Names: Gain insights into traffic originating from specific virtual machines.
• Cloud Virtual Network Names: Understand traffic flow within your cloud environment.
• GeoIP: Identify geographic locations of communicating devices.
• IP Reputation: Flag potential security threats based on IP reputation databases.
• Applications: Identify applications generating network traffic.
• User Identity: Correlate network activity with specific users (if available).

Installation

NetFlow and SNMP Analytics for Splunk App: Install this App on search heads within your Splunk environment.
Technology Add-on for NetFlow (TA-netflow): This add-on is a prerequisite and needs to be installed on search heads, indexers, and forwarders. You can download TA-netflow from https://splunkbase.splunk.com/app/1838/.

For more details, visit https://docs.netflowlogic.com/integrations-and-apps/integrations-with-splunk/netflow-analytics-splunk-app/installation

Configuration

For more details, visit https://docs.netflowlogic.com/integrations-and-apps/integrations-with-splunk/netflow-analytics-splunk-app/administration

Release Notes

Version 4.5.49

Sept. 16, 2024

New dashboard: Network Conversations Top (firewall policy) Violators
Improved dashboard: Network Topology with Insights

Version 4.5.37

Aug. 15, 2024

New dashboard: Network Conversations with NetScaler RTT and Retransmissions
New dashboard: Network Topology with Insights
Minor bug fixes

Version 4.5.27

June 18, 2024

added parameter: to process lookup on the federated search head set local=true
added destination port in Application fields

Version 4.5.22

Feb. 21, 2024

Added new dashboard: "SNMP Devices CPU and Memory"
Improved "Interface Errors and Discards" dashboard
Updated Azure dashboards
Bugfixes

Version 4.5.16

March 22, 2023

added support for IPv6 networks
bugfix in "Interface Errors and Discards" dashboard
fixed savedsearch updating the interfaces_20003 lookup table

Version 4.5.12

Dec. 21, 2022

Added several new dashboards:
- Traffic Using Critical Ports
- Communications with Malicious Hosts
- Added tstats (TS) dashboards
- Network Conversations by Duration TS
- Network Conversations by Country TS
- Network Conversations by Autonomous Systems TS
- Additional filters added to TCP Health dashboard
- Bugfixes

20,717

Downloads

Share Subscribe

Version

Built by

NetFlow Logic

Support

Developer Supported

Contact Developer Questions on Splunk Answers Flag as inappropriate