Hi.
I've got some problems with the Splunk App for Citrix XenDesktop.
We install the universal forwarders and the needed addons, but there are no information about the session data.
For example, the search for the session counters did not match any events:
search index=xendesktop sourcetype=vdi:xendesktop:*:icasession InputSessionBandwidth OutputSessionBandwidth LatencySessionAverage InputSessionCompression OutputSessionCompression UserName!="" user!="_Server Total" [search index=xendesktop sourcetype=vdi:xendesktop:*:session user="xxx" | stats first(vm_name) as vm_name by user | head 1 | fields + vm_name user ] | eval SessionBandwidth=InputSessionBandwidth+OutputSessionBandwidth | timechart span=1m max(SessionBandwidth) as MaxSessionBandwidth min(SessionBandwidth) as MinSessionBandwidth median(SessionBandwidth) as "AvgSessionBandwidth" Max(LatencySessionAverage) as "LatencySessionAverage" | eval AvgSessionBandwidth = round(AvgSessionBandwidth,2) | sort - _time
I think there is a problem with the syntax or the return values of:
[search index=xendesktop sourcetype=vdi:xendesktop:*:session user="xxx" | stats first(vm_name) as vm_name by user | head 1 | fields + vm_name user ]
But I can't fix it...
Thanks,
Dominic
Did you rebuild the Desktop Lookup Table? You will find it under the reports under Virtual Desktop Lookup.
Also... if you using a shared image you need to make sure to have startup script that changes the hostname.
Something like this
@echo off
C:\"Program Files"\splunkuniversalforwarder\bin\splunk.exe cmd btool.exe --user=nobody --app=system server delete general guid
C:\"Program Files"\splunkuniversalforwarder\bin\splunk.exe cmd splunkd rest POST /services/server/settings/settings host=%COMPUTERNAME%
C:\"Program Files"\splunkuniversalforwarder\bin\splunk.exe cmd splunkd rest POST /services/server/settings/settings serverName=%COMPUTERNAME%
C:\"Program Files"\splunkuniversalforwarder\bin\splunk.exe start
NOTE: If this is done on a PVS image or other distributed image please make sure the Splunk Services startup is set to manual.
Did you rebuild the Desktop Lookup Table? You will find it under the reports under Virtual Desktop Lookup.
Also... if you using a shared image you need to make sure to have startup script that changes the hostname.
Something like this
@echo off
C:\"Program Files"\splunkuniversalforwarder\bin\splunk.exe cmd btool.exe --user=nobody --app=system server delete general guid
C:\"Program Files"\splunkuniversalforwarder\bin\splunk.exe cmd splunkd rest POST /services/server/settings/settings host=%COMPUTERNAME%
C:\"Program Files"\splunkuniversalforwarder\bin\splunk.exe cmd splunkd rest POST /services/server/settings/settings serverName=%COMPUTERNAME%
C:\"Program Files"\splunkuniversalforwarder\bin\splunk.exe start
NOTE: If this is done on a PVS image or other distributed image please make sure the Splunk Services startup is set to manual.
i have updated the Splunk App for XenDesktop docs to include this information:
http://docs.splunk.com/Documentation/XenDT/2.0/DeployXenDT/InstalltheuniversalforwarderontheVDAs#Usi...
Okay... now I think it is a problem with the hostname of the client. Every event from the provisioned client is marked with the hostname of the golden master client.
The splunkd logfile from the UF says:
06-11-2012 15:50:16.080 +0200 INFO ServerConfig - My GUID is "53C7B763-37D3-45B9-92DA-84036B8A0B76".
06-11-2012 15:50:16.080 +0200 INFO ServerConfig - My server name is "golden master name".
06-11-2012 15:50:16.080 +0200 INFO ServerConfig - My hostname is "client name".