Join the Conversation
- Find Answers
- :
- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Splunk for Netscaler
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Splunk for Netscaler
I have installed the Splunk for Netscaler app. How do I add my Netscaler device into Splunk?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You need to configure netscaler to send syslog to a loghost, from there you can can either use splunk or syslog or syslog-ng to capture the logs and forward to Splunk. Our current set up is the web logs are processed in real time for forensics and then FTP'd nightly to a server where Splunk consumes it. I guess it is all a matter of preference. HTH
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Is it possible to have the Netscaler send directly to Splunk? I'd prefer that metod if possible as I've currently have our Netscaler setup to send ns_log direclty to Splunk but I'm not seeing any data.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You need to have splunk set up to index your logs from your NetScaler device.
To configure the app set the sourcetype of your NetScaler logs to ns_log. If your data has already been indexed under a different sourcetype you will need to create a sourcetype alias for ns_log.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes, if the logs are on a different machine than the indexer you'll have to set up forwarding or some other solution.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Is this set up in "Data Inputs"?
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Announcing Modern Navigation: A New Era of Splunk User Experience
Observability Simplified: Combining User Experience, Application Performance & ...
Event Series May & June: From Network Visibility to Service Intelligence
