All Apps and Add-ons

There is no indexed data

abdulvehhaba
Path Finder

Hi

I am using Splunk addon for Netscaler and Citrix Netscaler with Appflow,

My Splunk addon for Netscaler local input.conf is below:

I am listening 8514 port via tcpdump, there is traffic but Splunk doesn't index anything

[udp://8514]

connection_host = dns

sourcetype = ns_log
index = netscaler
disabled = 0
connection_host = ip

'# A separate IPFIX addon is needed in order for the following stanza to work. http://apps.splunk.com/app/1801/

[ipfix://NetScaler_AppFlow]

sourcetype = appflow

index = netscaler

address = 0.0.0.0

port = 4739

buffer = 1048576

disabled = 0

[monitor:///opt/filteredCitrixNSLogs.log]
disabled = 1
sourcetype = ns_log
index = netscaler

0 Karma

hunters_splunk
Splunk Employee
Splunk Employee

Hi, I think you should set your source type to citrix:netscaler:syslog rather than ns_log. The CIM mapping and dashboard panels are dependent on this source type. If you have not done so, please download and deploy the latest release of Splunk Add-on for Citrix NetScaler: http://splunkbase.splunk.com/app/2770. Hope it helps. Thanks!

0 Karma

ddrillic
Ultra Champion

A good place to start is at I can't find my data!

0 Karma

abdulvehhaba
Path Finder

I downvoted this post because not solved problem

0 Karma

ddrillic
Ultra Champion

It's a place to start, man.

0 Karma
Register for .conf21 Now! Go Vegas or Go Virtual!

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.