AnsweredAssumed Answered

Netflow data parsing

Question asked by Brian Howard on Feb 6, 2015
Latest reply on Feb 9, 2015 by Brian Howard

Has anyone started pulling in Netflow data into SA?  If so, are you able to see the "direction" meta and run the RSA provided Netflow reports?  I am unable to do either properly.  I added a custom line in my log concentrator index-concentrator-custom.xml file, and the meta appears in an investigation, but reports come back empty for the same data/time frame. 


Here is the info from my index-concentrator-custom.xml file:

<?xml version="1.0" encoding="utf-8"?>

<language level="IndexNone" defaultAction="Auto">


  <!--NetFlow rsaFlow Keys-->

        <key description="Direction" level="IndexValues" name="direction" valueMax="100000" format="Text" />