All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Can you run the old IPFIX app with the new NetScaler app?

dfronck
Communicator
‎12-02-2014 01:48 PM

We upgraded our NetScalers from v9 to v10 so I had to update the NetScaler app to v5. I installed the IPFix v5.0.1 app and it does not work as expected. There are a lot of issues like my host is the heavy forwarder instead of the NetScaler and the source is getting changed to "source = DataSource(address[0], address[1], observer_id)" which appears to be NS_IP:PORT:INSTANCE?

Any way, that's just inconvenient, the real problem is that the app crashes 2, 3, 4 times a day and I have to restart Splunk to get it working again. I have a case open with Splunk. The CRITICAL error that's getting thrown is "UnicodeDecodeError: 'utf8' codec can't decode byte 0x96 in position 967: invalid start byte"; it doesn't like something in our data.

The old v4.8 IPFIX app never had this issue so I was wondering if I could just roll back to that one.

Reply
1 Solution
Solved! Jump to solution
Solution

jbennett_splunk
Splunk Employee
Splunk Employee
‎12-03-2014 12:20 PM

The data is structured differently, so I don't think it will work.

View solution in original post

Reply
Solved! Jump to solution
Solution

jbennett_splunk
Splunk Employee
Splunk Employee
‎12-03-2014 12:20 PM

The data is structured differently, so I don't think it will work.

Reply
Solved! Jump to solution

dfronck
Communicator
‎12-03-2014 08:49 AM

The good news is that it generates the same error every time so I wrote a script that greps the ipfix logs for the error and restarts splunk whenever it occurs. All of our other logs go into syslog so we're only losing 3 minutes of NetScaler logs 3 or 4 times a day.

I assume I can fix the host in props for the NS app.

Reply
Get Updates on the Splunk Community!

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...

September Community Champions: A Shoutout to Our Contributors!

As we close the books on another fantastic month, we want to take a moment to celebrate the people who are the ...

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...