Splunk NetFlow Integration

Flow Data Analysis for Virtual and Physical Network Intelligence and Security

NetFlow Logic developed a suite of products for effective integration of the NetFlow Optimizer (NFO) core processing engine with Splunk Enterprise or Splunk Cloud products for advanced operational intelligence and security.

NetFlow Analytics for Splunk App

Enables real-time network visibility with dashboards for understanding application usage and utilization of network resources, and for improving security posture. The App provides valuable network analytics based on Splunk CIM-compliant flow data from any vendor, optimized and enriched by NFO.

V2P Network Visibility for Splunk App

Provides unique dashboards for visibility between the virtual overlay and physical networking layers. Calculates in real time the health and failure risk of physical network resources. Shows the VM-to-VM or VM-to-physical-host network path and how it is affected by network outages.

NetFlow Based DDoS Detection for Splunk App

Extends the use of network flow data for security applications. Detects network traffic anomalies and DDoS attacks. Uses built-in multi-expert machine learning algorithms to reduce false positives. Enables risk mitigation by identifying attackers and victims.

Syslogs generated by NetFlow Optimizer can also be streamed to Splunk Enterprise Security (ES), an analytics-driven SIEM system that provides insight into machine data, helping to improve overall network security. With the help of this SIEM system you can capture, monitor, and report on data from devices, systems, and applications across your environment. NFO-provided flow data has all the necessary CIM-compliant field names and tags to be visible in the Traffic Center dashboard and to be used in correlation searches that generate notable events for tracking threat sources.

NetFlow Applications Deployment

All NetFlow Logic Splunk Apps rely on the Technology Add-on for NetFlow to ingest and index the syslogs generated by NetFlow Optimizer.

Technology Add-on for NetFlow

This Add-on must be installed on Splunk Indexers and Search heads in order for NFO to work with Splunk. It collects NetFlow data processed by NetFlow Optimizer, and then this data is visualized by the NetFlow Analytics for Splunk App or Splunk Enterprise Security App.
The Technology Add-on for NetFlow is downloadable from Splunkbase at https://splunkbase.splunk.com/app/1838/.

NetFlow Analytics for Splunk App*

This App must be installed on Splunk Search heads. It contains visualization dashboards and information for alerting.
Downloadable from Splunkbase at https://splunkbase.splunk.com/app/489/.

V2P Network Visibility App*

This App must be installed on Splunk Search heads. It contains visualization dashboards for the NFO V2P Network Visibility Module.
Downloadable from Splunkbase at https://splunkbase.splunk.com/app/2824/.

NetFlow-based DDoS Detection App*

Contact us at info@netflowlogic.com to get information regarding installing and using this app.

Splunk Enterprise Security App

This SIEM system was developed by Splunk and can be downloaded from Splunkbase at https://splunkbase.splunk.com/app/263/.

* Requires both NFO and Technology Add-on for NetFlow.