Re: Splunk for Netscaler

jrod · ‎02-08-2011

I have installed the Splunk for Netscaler app. How do I add my Netscaler device into Splunk?

rjyetter · ‎03-09-2011

You need to configure netscaler to send syslog to a loghost, from there you can can either use splunk or syslog or syslog-ng to capture the logs and forward to Splunk. Our current set up is the web logs are processed in real time for forensics and then FTP'd nightly to a server where Splunk consumes it. I guess it is all a matter of preference. HTH

splunkn · ‎02-23-2012

Is it possible to have the Netscaler send directly to Splunk? I'd prefer that metod if possible as I've currently have our Netscaler setup to send ns_log direclty to Splunk but I'm not seeing any data.

nse · ‎02-08-2011

You need to have splunk set up to index your logs from your NetScaler device.

To configure the app set the sourcetype of your NetScaler logs to ns_log. If your data has already been indexed under a different sourcetype you will need to create a sourcetype alias for ns_log.

nse · ‎02-08-2011

Yes, if the logs are on a different machine than the indexer you'll have to set up forwarding or some other solution.

jrod · ‎02-08-2011

Is this set up in "Data Inputs"?

Splunk for Netscaler

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor