I have installed the Splunk for Netscaler app. How do I add my Netscaler device into Splunk?
You need to configure netscaler to send syslog to a loghost, from there you can can either use splunk or syslog or syslog-ng to capture the logs and forward to Splunk. Our current set up is the web logs are processed in real time for forensics and then FTP'd nightly to a server where Splunk consumes it. I guess it is all a matter of preference. HTH
Is it possible to have the Netscaler send directly to Splunk? I'd prefer that metod if possible as I've currently have our Netscaler setup to send ns_log direclty to Splunk but I'm not seeing any data.
You need to have splunk set up to index your logs from your NetScaler device.
To configure the app set the sourcetype of your NetScaler logs to ns_log. If your data has already been indexed under a different sourcetype you will need to create a sourcetype alias for ns_log.
Yes, if the logs are on a different machine than the indexer you'll have to set up forwarding or some other solution.
Is this set up in "Data Inputs"?