Collect Appflow information for netscaler

Path Finder

I have configured netscaler to to send logs over to splunk. I am receiving audit logs to splunk. I have used IPFIX addon to collect appflow logs from my netscaler, I have configured appflow collectors, actions and policies, but i am not able to receive any appflow information to my splunk instance. I am getting the below message in /opt/splunk/var/log/splunk/ipfix.log

CRITICAL pid=94058 tid=MainThread | Unable to bind [ipfix://appflow] XX.XX.XX.XX:1515
2018-04-12 09:27:16,368 CRITICAL pid=94058 tid=MainThread | Traceback (most recent call last): ||   File "/opt/splunk/etc/apps/Splunk_TA_ipfix/bin/splunklib/modularinput/", line 74, in run_script ||     self.stream_events(self._input_definition, event_writer) ||   File "/opt/splunk/etc/apps/Splunk_TA_ipfix/bin/IPFIX/", line 105, in stream_events ||     s.bind((bind_host, bind_port)) ||   File "/opt/splunk/lib/python2.7/", line 228, in meth ||     return getattr(self._sock,name)(*args) || error: [Errno 99] Cannot assign requested address

my ipfix inputs.conf is as below

address = XX.XX.XX.XX
buffer = 10485760
index = netscaler
port = 1515
interval = 300

I am getting data when i search for


I have audit logs coming on port 1514, Appflow is configured on 1515.
I have no information coming when I run the command

netstat -an | grep 1515

Any help is greatly appreciated.

Thank you.

0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!