Splunk for Citrix NetScaler with Appflow: Why can'...

Silviav · ‎07-08-2015

Hi,

I'm trying to use Slunk for NetScaler, but I can't understand why I can't see anything in "NetScaler Overview", but there are a lot of events in "Search NetScaler data" and I can also see a lot of data in "AppFlow Overview".

Is it "normal"? I'm still learning how to use it.
I'm using the NetScaler only with a XenMobile appliance.

jconger · ‎07-08-2015

Do you have syslog configured to send data to Splunk from the NetScaler?

Also, what do you get when you run the following search:

eventtype=netscaler* | stats count by eventtype index

Silviav · ‎07-14-2015

Thank you very much for your answer!

I think so.
When I run that search I get;

EVENTYPE INDEX COUNT
netscaler netscaler 123380
netscaler_appflow netscaler 123380

I though that the problem was there isn't a field log_type in the events (the search of "Netscaler Overview" is

eventtype=netscaler | timechart count by log_type usenull=f

)

Do you think it could be possible?

Splunk for Citrix NetScaler with Appflow: Why can't I see anything in "NetScaler Overview", but I can in "AppFlow Overview"?

Free LIVE events worldwide 2/8-2/12
Connect, learn, and collect rad prizes
and swag!

Sign up now >

Splunk for Citrix NetScaler with Appflow: Why can't I see anything in "NetScaler Overview", but I can in "AppFlow Overview"?

Free LIVE events worldwide 2/8-2/12Connect, learn, and collect rad prizes and swag!Sign up now >

Free LIVE events worldwide 2/8-2/12
Connect, learn, and collect rad prizes
and swag!

Sign up now >