Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

citrix VDI & WAF logs onboarding into splunk

Sankar
Explorer
‎04-21-2025 05:19 AM

Hi All,

I am looking for help onboard citrix VDI logs & Citrix WAF logs into the splunk. Splunk add on not available. also we got confirmed splunk support.

can anyone help & guide what is best practice onboard citrix VDI & WAF logs.

much appreciated if you have solutions.  

Labels (2)
Labels
0 Karma
Reply

Sankar
Explorer
‎04-23-2025 06:44 AM

Thanks for reply. it will helpful information, currently working with this, lets update once its been done.

I am looking Citrix WAF logs onboard into the splunk. do you have any suggestions?

0 Karma
Reply

livehybrid
SplunkTrust
SplunkTrust
‎04-21-2025 07:38 AM

Hi @Sankar 

Please can you check that https://splunkbase.splunk.com/app/6280 (Citrix Analytics Add-on for Splunk) doesnt solve any of your requirements? I am not too familiar with Citrix but it does specifically mention VDI.

Aside from that, you would need to check the the output capabilities from the Citrix tooling, I suspect that it will be syslog unless it has a dedicated Splunk output.

If you end up going down the syslog route then you should look into using Splunk Connect for Syslog (SC4S) or using something like rsyslog to capture the syslog feed onto the filesystem and then forward in to Splunk with a UF.

I would recommend sending the data to a development environment first, ensuring that you configure the relevant props/transforms to ensure they meet your requirements before sending to your production environment.

🌟 Did this answer help you? If so, please consider:

  • Adding karma to show it was useful
  • Marking it as the solution if it resolved your issue
  • Commenting if you need any clarification

Your feedback encourages the volunteers in this community to continue contributing

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...