All Apps and Add-ons

There is no indexed data

abdulvehhaba
Path Finder

Hi

I am using Splunk addon for Netscaler and Citrix Netscaler with Appflow,

My Splunk addon for Netscaler local input.conf is below:

I am listening 8514 port via tcpdump, there is traffic but Splunk doesn't index anything

[udp://8514]

connection_host = dns

sourcetype = ns_log
index = netscaler
disabled = 0
connection_host = ip

'# A separate IPFIX addon is needed in order for the following stanza to work. http://apps.splunk.com/app/1801/

[ipfix://NetScaler_AppFlow]

sourcetype = appflow

index = netscaler

address = 0.0.0.0

port = 4739

buffer = 1048576

disabled = 0

[monitor:///opt/filteredCitrixNSLogs.log]
disabled = 1
sourcetype = ns_log
index = netscaler

0 Karma

hunters_splunk
Splunk Employee
Splunk Employee

Hi, I think you should set your source type to citrix:netscaler:syslog rather than ns_log. The CIM mapping and dashboard panels are dependent on this source type. If you have not done so, please download and deploy the latest release of Splunk Add-on for Citrix NetScaler: http://splunkbase.splunk.com/app/2770. Hope it helps. Thanks!

0 Karma

ddrillic
Ultra Champion

A good place to start is at I can't find my data!

0 Karma

abdulvehhaba
Path Finder

I downvoted this post because not solved problem

0 Karma

ddrillic
Ultra Champion

It's a place to start, man.

0 Karma
Get Updates on the Splunk Community!

Happy CX Day to our Community Superheroes!

Happy 10th Birthday CX Day!What is CX Day? It’s a global celebration recognizing innovation and success in the ...

Check out This Month’s Brand new Splunk Lantern Articles

Splunk Lantern is a customer success center providing advice from Splunk experts on valuable data insights, ...

Routing Data to Different Splunk Indexes in the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. The OpenTelemetry project is the second largest ...