All Apps and Add-ons

Configuration of Splunk for Citrix NetScaler App with AppFlow

jodros
Builder

We have successfully installed the Splunk for Citrix NetScaler app as well as the Splunk_TA_IPFIX_UDP_NIX. We are getting syslog data in the app. We are also getting data over the AppFlow port, but it appears to be a listing of ViP's on the NetScaler, not application flow data.

We have enabled AppFlow on the netscaler as detailed in this video http://www.youtube.com/watch?v=ZRfVBEjocSM. The AppFlow policy shows active, but is not getting any hits. If anyone can assist, I would greatly appreciate it.

A sanitized sample log received over the AppFlow port is below.

TimeStamp="2013-10-17T08:02:07"; Template="265"; Observer="0"; Address="10.x.x.x"; Port="62526"; observationDomainId="0"; incarnationNumber="2152"; appNameAppID="12345"; appName="Generic_App_Name"; appTemplateName="";

Thanks

badger0zz
New Member

I had this same issue (Netscaler 10.1). Turns out I needed to turn on Appflow for the Netscaler Gateway virtual server. In 'Configuration > NetScaler Gateway > Virtual Servers', click a Virtual Server and open it. Along the top of the window are some check boxes, one of which is 'AppFlow Logging'. I suspect there is a similar option for things other than the Netscaler Gateway if you're doing something else with your Netscaler.

0 Karma
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...