All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk for Citrix doesn't work :-(

sbeamro
Explorer
‎12-25-2014 02:24 AM

Hi,
I'm using the latest Splunk version , and netscaler 10.1.
I have installed on the index head the Splunk_TA_Citrix-Netscaler & IPFIX, and on search head I have installed the software and the TA & IPFIX.

I can see over the Splunk that data is getting -

12/16/14 11:54:21.000 AM Dec 16
11:54:21 10.40.2.224
16/12/2014:11:47:21 GMT 0-PPE-0 : UI
CMD_EXECUTED 1489 0 : User NDS_support
- Remote_ip 10.56.182.0 - Command "show ns hardware" - Status "Success"
• host = 10.40.2.224 • source =
udp:514 • sourcetype = syslog

when I'm getting to the splunk for Netscaler software it doesn't recognize the Netscaler.

I've modified over Splunk_TA_Citrix-NetScaler/default/inputs.conf to be -

[udp://514]
#connection_host = dns
sourcetype = ns_log
index = netscaler
disabled = false

# A separate IPFIX addon is needed in order for the following stanza to work.  http://apps.splunk.com/app/1801/
[ipfix://NetScaler_AppFlow]
sourcetype = appflow
index = netscaler
address = 0.0.0.0
port = 4739
buffer = 1048576
disabled = true
0 Karma
Reply

jconger
Splunk Employee
Splunk Employee
‎01-05-2015 08:05 AM

Looks like your ipfix input is disabled.

0 Karma
Reply

sbeamro
Explorer
‎01-06-2015 03:56 AM

I've tried to change it to false - nothing has changed 😞

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Data Persistence in the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. What happens if the OpenTelemetry collector ...

Introducing Splunk 10.0: Smarter, Faster, and More Powerful Than Ever

Now On Demand Whether you're managing complex deployments or looking to future-proof your data ...

Community Content Calendar, September edition

Welcome to another insightful post from our Community Content Calendar! We're thrilled to continue bringing ...