All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk UF inputs for XenApp

cgisplunk
Path Finder
‎11-08-2012 01:05 PM

Hi everyone,
The deployment docs do not mention if I should enable ANY inputs in Splunk UF during the installation. I installed the UF and TAs but my perf and alerts indices are empty. Do I need to enabled any inputs in UF at the install time?
Thanks,
S.

0 Karma
Reply

jconger
Splunk Employee
Splunk Employee
‎11-11-2012 07:13 AM

Sounds like the PowerShell execution policy may not be set. Are you able to manually execute the PowerShell scripts found in the \bin\powershell folder?

The alerts index is populated by saved searches based on the data in the xenapp* indexes, so no data will show up there until the other issue is corrected.

0 Karma
Reply

cgisplunk
Path Finder
‎11-13-2012 07:52 AM

jconger,
Yes, i installed PowerShell 2.0 on W2K3 boxes that run XenApp 4.5.
The policy is set to remotesigned on all of them.
I can execute most of the scripts locally, for example on the Citrix Licensing host, but some scripts fail to run. For example, this one for session stats:

PS C:\Program Files\SplunkUniversalForwarder\etc\apps\TA-XA5-Server\bin\powershell> .\GetICASessionStat5.ps1
Get-WmiObject : Invalid class
At C:\Program Files\SplunkUniversalForwarder\etc\apps\TA-XA5-Server\bin\powershell\GetICASessionStat5.ps1:2 char:29
+ $ICASessions = Get-WMIOBject <<<< -Class Win32_PerfFormattedData_CitrixICA_ICASession
+ CategoryInfo : InvalidOperation: (:) [Get-WmiObject], ManagementException
+ FullyQualifiedErrorId : GetWMIManagementException,Microsoft.PowerShell.Commands.GetWmiObjectCommand
<<<
Looks like it's missing smth in WMI.
S.

0 Karma
Reply

cgisplunk
Path Finder
‎11-09-2012 11:02 AM

Correction:
yes, outputs.conf on forwarding hosts do have the proper configs:
"
[tcpout]
defaultGroup = host_9997

[tcpout:host_9997]
server = host:9997

[tcpout-server://host:9997]"

0 Karma
Reply

cgisplunk
Path Finder
‎11-09-2012 10:59 AM

sdaniels,
We deploy manually so far, so the outputs.conf is irrelevant to us at this point.
I do receive data into the App but very little, cannot even see the Zone Info and the License report keeps giving me the " The lookup table 'citrix_license_type' does not exist." even though it does exist and I gave it even extra file & app permissions. Nothing under Session or Client & Device Stats.

0 Karma
Reply

sdaniels
Splunk Employee
Splunk Employee
‎11-09-2012 09:00 AM

If you look at the TA-XA5-Server (or 60/65) the inputs.conf has most of the inputs enabled by default. So, assuming you have the correct ones installed it should start brining back data from the Xen Servers.

I know the docs confuse the name but have you completed this step to make sure data is getting sent back properly to the indexer?

http://docs.splunk.com/Documentation/XenApp/latest/DeployXenApp/Installtheadd-ons#Edit_the_TA-Forwar...

0 Karma
Reply
Get Updates on the Splunk Community!

Observability Unlocked: Kubernetes Monitoring with Splunk Observability Cloud

  Ready to master Kubernetes and cloud monitoring like the pros?Join Splunk’s Growth Engineering team for an ...

Wrapping Up Cybersecurity Awareness Month

October might be wrapping up, but for Splunk Education, cybersecurity awareness never goes out of season. ...

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

&#x1f5e3; You Spoke, We Listened  Audit Trail v2 wasn’t written in isolation—it was shaped by your voices.  In ...