This Technology Add-on (TA) allows Splunk to ingest IPFIX flow data over UDP, implementing an IPFIX collector with support for enterprise specific information elements defined in iespec or xml files by private enterprise numbers.

The extracted data will be ingested by Splunk as ASCII text data, with fields, template id, and flow sequence information.

This TA can be run on a Splunk Forwarder and can listen for and parse Netflow v9+, Appflow and other IPFIX streams sent over UDP. It is cross-platform and works on Windows, Linux, and OSX. It can be configured to run from splunkd and stream data directly to Splunk, or to run as a linux daemon streaming data to disk (which can be monitored by Splunk).