Hi
I am using Splunk addon for Netscaler and Citrix Netscaler with Appflow,
My Splunk addon for Netscaler local input.conf is below:
I am listening 8514 port via tcpdump, there is traffic but Splunk doesn't index anything
[udp://8514]
sourcetype = ns_log
index = netscaler
disabled = 0
connection_host = ip
'# A separate IPFIX addon is needed in order for the following stanza to work. http://apps.splunk.com/app/1801/
[monitor:///opt/filteredCitrixNSLogs.log]
disabled = 1
sourcetype = ns_log
index = netscaler
Hi, I think you should set your source type to citrix:netscaler:syslog rather than ns_log. The CIM mapping and dashboard panels are dependent on this source type. If you have not done so, please download and deploy the latest release of Splunk Add-on for Citrix NetScaler: http://splunkbase.splunk.com/app/2770. Hope it helps. Thanks!
A good place to start is at I can't find my data!
I downvoted this post because not solved problem
It's a place to start, man.