Overview

Details

Unleash Network Insights with NetFlow and SNMP Analytics for Splunk!

NetFlowLogic and Splunk deliver a powerful network traffic analysis solution. This collaboration empowers network and security analysts with real-time insights into your network infrastructure, both on-premises and across cloud platforms like AWS, Microsoft Azure, Oracle Cloud Infrastructure, and Google Cloud Platform.

The NetFlow and SNMP Analytics for Splunk App seamlessly integrates NetFlow Optimizer (NFO) with Splunk's industry-leading investigation and visualization capabilities. NFO processes various flow formats (NetFlow, sFlow, IPFIX) and cloud flow logs, transforming them into insightful, actionable data for Splunk. This empowers you to:

• Gain Comprehensive Visibility: Monitor network traffic across your entire infrastructure, including cloud deployments and on-premises networks.
• Simplify Security Analysis: Correlate application and user activity for faster and more accurate security investigations.
• Optimize Network Performance: Identify bottlenecks, optimize resource allocation, and proactively address potential congestion issues.
• Automate Workflows: Streamline network monitoring tasks and free up valuable IT resources for strategic initiatives.

Key Features:

• Supports industry-standard flow formats (NetFlow v5, v9, sFlow, IPFIX) and cloud flow logs (AWS, Azure, OCI, GCP).
• Provides real-time and historical network traffic analysis.
• Leverages SNMP polling and traps (v2c and v3) for comprehensive device health monitoring.
• Enriches flow data with context (DNS names, VM names, GeoIP, IP reputation, applications, user identity).
• Identifies overloaded network interfaces and potential security threats.
• Offers cost-effective deployment across your entire network infrastructure.

Download the NetFlow and SNMP Analytics for Splunk App and experience the power of unified network traffic analysis.

Overview

NetFlow Optimizer Integration: The NetFlow and SNMP Analytics for Splunk App works in tandem with NetFlow Optimizer (NFO) software, a powerful system that processes flow data (NetFlow, sFlow, IPFIX, etc.) and cloud flow logs before feeding them into Splunk for analysis. This is illustrated in the following diagram.

Technical Specifications

• Supported Flow Formats: NetFlow v5, v9, sFlow, IPFIX, JFlow, AppFlow, etc.
• Supported Cloud Platforms: AWS VPC Flow Logs, Google Cloud VPC Flow Logs, Microsoft Azure NSG Flow Logs
• Supported SNMP Versions: v2c, v3

Data Enrichment

NFO enriches flow data with valuable context to enhance your analysis. This includes:
• DNS Names: Identify applications and services utilizing the network.
• VM Names: Gain insights into traffic originating from specific virtual machines.
• Cloud Virtual Network Names: Understand traffic flow within your cloud environment.
• GeoIP: Identify geographic locations of communicating devices.
• IP Reputation: Flag potential security threats based on IP reputation databases.
• Applications: Identify applications generating network traffic.
• User Identity: Correlate network activity with specific users (if available).

Installation

NetFlow and SNMP Analytics for Splunk App: Install this App on search heads within your Splunk environment.
Technology Add-on for NetFlow (TA-netflow): This add-on is a prerequisite and needs to be installed on search heads, indexers, and forwarders. You can download TA-netflow from https://splunkbase.splunk.com/app/1838/.

For more details, visit https://docs.netflowlogic.com/integrations-and-apps/integrations-with-splunk/netflow-analytics-splunk-app/installation

Configuration

For more details, visit https://docs.netflowlogic.com/integrations-and-apps/integrations-with-splunk/netflow-analytics-splunk-app/administration

Release Notes

Version 4.5.74

July 12, 2025

New Dashboard: Network Device Health. Proactively monitor the operational status and performance of your network infrastructure, powered by NetFlow Optimizer's auto-discovery and SNMP polling.
Improved Dashboard: Network Topology with Insights. Visualize your network's structure and traffic patterns with enhanced clarity, leveraging richer data from NetFlow Optimizer's auto-discovery and SNMP polling.

Version 4.5.70

April 30, 2025

Added ifName and ifAlias to critical interfaces lookup
Bug fixes
Tested with Splunk 10.0

Version 4.5.65

March 25, 2025

Added sysLocation to SNMP Devices CPU and Memory and Interface Errors and Discards dashboards
Added Source for discovered connection dropdown to Network Topology with Insights dashboard

Version 4.5.56

Feb. 7, 2025

Update to align with Splunk CIM
Bug fixes

Version 4.5.49

Sept. 16, 2024

New dashboard: Network Conversations Top (firewall policy) Violators
Improved dashboard: Network Topology with Insights

21,339

Downloads

Share Subscribe

Version

Built by

NetFlow Logic

Support

Developer Supported

Contact Developer Questions on Splunk Answers Flag as inappropriate