All Apps and Add-ons
Highlighted

data need to control citrix users and sessions only

Engager

HI I setup trial splunk and app for citrix.
The only thing i want to control overtime is
how many concurrent users and sessions i have at a given time.
I'm getting a lot of data (cpu , memory etc etc), and splunk is indexing much more than 500 MB / day for 3 xenapp servers.
What i would like to know is how to setup the forwarder in order to just get / index the minimum data so i can control users and session usage ?

0 Karma
Highlighted

Re: data need to control citrix users and sessions only

Super Champion

On the forwarder for all three servers, in the splunkuniversalforwarder\etc\apps folder search all of the apps for \local\inputs.conf files and change the disabled = 0 to disabled = 1 for all inputs that you don't want. Then do the same thing for perfmon.conf and wmi.conf. Then check the splunkuniversalforwarder\etc\system\local folder for those same files and do the same thing.
This will only affect indexing after a Splunk restart on each server after the changes are made. After the restart, let us know if there are any unwanted sourcetypes that are still getting indexed.

View solution in original post

Highlighted

Re: data need to control citrix users and sessions only

Engager

Hi Luke ,
Thanks for your help i will try and get back to give feedback tomorrow).
Miguel

0 Karma
Highlighted

Re: data need to control citrix users and sessions only

Engager

Hi Luke ,
It looks like that problem of data volume is solved ... now we will work on fine tunning
Thanks !
Regards,
Miguel

0 Karma
Highlighted

Re: data need to control citrix users and sessions only

Super Champion

Good news. Time to tune.

0 Karma