All Apps and Add-ons

Splunk for Citrix doesn't work :-(


I'm using the latest Splunk version , and netscaler 10.1.
I have installed on the index head the Splunk_TA_Citrix-Netscaler & IPFIX, and on search head I have installed the software and the TA & IPFIX.

I can see over the Splunk that data is getting -

12/16/14 11:54:21.000 AM Dec 16
16/12/2014:11:47:21 GMT 0-PPE-0 : UI
CMD_EXECUTED 1489 0 : User NDS_support
- Remote_ip - Command "show ns hardware" - Status "Success"
• host = • source =
udp:514 • sourcetype = syslog

when I'm getting to the splunk for Netscaler software it doesn't recognize the Netscaler.

I've modified over Splunk_TA_Citrix-NetScaler/default/inputs.conf to be -

#connection_host = dns
sourcetype = ns_log
index = netscaler
disabled = false

# A separate IPFIX addon is needed in order for the following stanza to work.
sourcetype = appflow
index = netscaler
address =
port = 4739
buffer = 1048576
disabled = true
0 Karma

Splunk Employee
Splunk Employee

Looks like your ipfix input is disabled.

0 Karma


I've tried to change it to false - nothing has changed 😞

0 Karma
Get Updates on the Splunk Community!

Splunk Observability Cloud | Unified Identity - Now Available for Existing Splunk ...

Raise your hand if you’ve already forgotten your username or password when logging into an account. (We can’t ...

Index This | How many sides does a circle have?

February 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

Registration for Splunk University is Now Open!

Are you ready for an adventure in learning?   Brace yourselves because Splunk University is back, and it's ...