Hi.
I've got some problems with the Splunk App for Citrix XenDesktop.
We install the universal forwarders and the needed addons, but there are no information about the session data.
For example, the search for the session counters did not match any events:
search index=xendesktop sourcetype=vdi:xendesktop:*:icasession InputSessionBandwidth OutputSessionBandwidth LatencySessionAverage InputSessionCompression OutputSessionCompression UserName!="" user!="_Server Total" [search index=xendesktop sourcetype=vdi:xendesktop:*:session user="xxx" | stats first(vm_name) as vm_name by user | head 1 | fields + vm_name user ] | eval SessionBandwidth=InputSessionBandwidth+OutputSessionBandwidth | timechart span=1m max(SessionBandwidth) as MaxSessionBandwidth min(SessionBandwidth) as MinSessionBandwidth median(SessionBandwidth) as "AvgSessionBandwidth" Max(LatencySessionAverage) as "LatencySessionAverage" | eval AvgSessionBandwidth = round(AvgSessionBandwidth,2) | sort - _time
I think there is a problem with the syntax or the return values of:
[search index=xendesktop sourcetype=vdi:xendesktop:*:session user="xxx" | stats first(vm_name) as vm_name by user | head 1 | fields + vm_name user ]
But I can't fix it...
Thanks,
Dominic
... View more