Humio has built-in support for NetFlow.
It is possible to send NetFlow data directly to Humio over UDP using ingest listeners. Ingest listeners are configured under settings in a repository.
Setting up an ingest listener will let Humio listen for NetFlow traffic on a specified port. Then you need to configure the network equipment (firewall, switch, …) to send NetFlow data directly to Humio.
Waiting for the templates
After enabling NetFlow, some time can pass before the first data is ingested. As part of the NetFlow protocol, a template describing the data is sent at regular intervals. Humio must wait for these templates to arrive before data can be parsed. The interval between template transmissions can typically be configured on the devices emitting NetFlow data.
Humio supports NetFlow version 9. For other versions, we suggest looking at using Logstash’s NetFlow codec adapter.
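The following Python example is added here for illustration and is not Humio's code. It shows why data cannot be parsed before a template arrives: a NetFlow version 9 data flowset carries only raw field values plus the id of the template that describes them. The `decode` function, the field-name subset, the use of the exporter address in the cache key, and the sample packets are assumptions constructed for this example.

```python
import ipaddress
import struct

# Subset of NetFlow v9 field types (RFC 3954); other types are keyed by number.
NAMES = {1: "IN_BYTES", 4: "PROTOCOL", 8: "IPV4_SRC_ADDR", 12: "IPV4_DST_ADDR"}

def decode(templates, exporter, pkt):
    """Decode one v9 export packet; return (flows, data flowsets lacking a template).
    templates maps (exporter, source_id, template_id) -> [(type, length)], updated in place."""
    if len(pkt) < 20 or struct.unpack_from("!H", pkt)[0] != 9:
        raise ValueError("not a NetFlow v9 packet")
    source_id = struct.unpack_from("!I", pkt, 16)[0]
    flows, waiting, off = [], 0, 20
    while off + 4 <= len(pkt):
        fs_id, fs_len = struct.unpack_from("!HH", pkt, off)
        if fs_len < 4 or off + fs_len > len(pkt):
            raise ValueError("flowset length outside packet")
        body, pos = pkt[off + 4:off + fs_len], 0
        off += fs_len
        if fs_id == 0:  # template flowset: cache every template record
            while pos + 4 <= len(body):
                tid, n = struct.unpack_from("!HH", body, pos)
                end = pos + 4 + 4 * n
                if tid < 256 or end > len(body):
                    break  # padding or truncated template record
                templates[exporter, source_id, tid] = list(
                    struct.iter_unpack("!HH", body[pos + 4:end]))
                pos = end
        elif fs_id > 255:  # data flowset: its id names the template to use
            fields = templates.get((exporter, source_id, fs_id))
            if fields is None:
                waiting += 1  # unparseable until the exporter sends the template
                continue
            size = sum(flen for _, flen in fields)
            while size and pos + size <= len(body):  # leftover bytes are padding
                rec = {}
                for ftype, flen in fields:
                    raw, pos = body[pos:pos + flen], pos + flen
                    rec[NAMES.get(ftype, ftype)] = (
                        str(ipaddress.IPv4Address(raw)) if ftype in (8, 12) and flen == 4
                        else int.from_bytes(raw, "big"))
                flows.append(rec)
    return flows, waiting

# Constructed sample packets: 20-byte header (source_id 1) plus one flowset each.
HEADER = bytes.fromhex("0009 0001 00000000 00000000 00000000 00000001")
TEMPLATE_PKT = HEADER + bytes.fromhex(
    "0000 0018 0100 0004 0008 0004 000c 0004 0004 0001 0001 0004")
DATA_PKT = HEADER + bytes.fromhex("0100 0014 c000020a c6336407 06 000005dc 000000")
```

Calling `decode` on `DATA_PKT` with an empty template cache returns no flows and a waiting count of 1; after `TEMPLATE_PKT` has been decoded, the same data packet yields one flow record. Because the cache key includes the exporter and source id, a template learned from one device is never applied to data from another.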
Ingest listeners are only available in on-premises Humio due to security concerns.