All Apps and Add-ons

Collect Appflow information for netscaler

Path Finder

I have configured netscaler to to send logs over to splunk. I am receiving audit logs to splunk. I have used IPFIX addon to collect appflow logs from my netscaler, I have configured appflow collectors, actions and policies, but i am not able to receive any appflow information to my splunk instance. I am getting the below message in /opt/splunk/var/log/splunk/ipfix.log

CRITICAL pid=94058 tid=MainThread | Unable to bind [ipfix://appflow] XX.XX.XX.XX:1515
2018-04-12 09:27:16,368 CRITICAL pid=94058 tid=MainThread | Traceback (most recent call last): ||   File "/opt/splunk/etc/apps/Splunk_TA_ipfix/bin/splunklib/modularinput/", line 74, in run_script ||     self.stream_events(self._input_definition, event_writer) ||   File "/opt/splunk/etc/apps/Splunk_TA_ipfix/bin/IPFIX/", line 105, in stream_events ||     s.bind((bind_host, bind_port)) ||   File "/opt/splunk/lib/python2.7/", line 228, in meth ||     return getattr(self._sock,name)(*args) || error: [Errno 99] Cannot assign requested address

my ipfix inputs.conf is as below

address = XX.XX.XX.XX
buffer = 10485760
index = netscaler
port = 1515
interval = 300

I am getting data when i search for


I have audit logs coming on port 1514, Appflow is configured on 1515.
I have no information coming when I run the command

netstat -an | grep 1515

Any help is greatly appreciated.

Thank you.

0 Karma
Get Updates on the Splunk Community!

Splunk Observability Cloud | Unified Identity - Now Available for Existing Splunk ...

Raise your hand if you’ve already forgotten your username or password when logging into an account. (We can’t ...

Index This | How many sides does a circle have?

February 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

Registration for Splunk University is Now Open!

Are you ready for an adventure in learning?   Brace yourselves because Splunk University is back, and it's ...