Splunk® Supported Add-ons

Splunk Add-on for Citrix NetScaler

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Configure IPFIX inputs for the Splunk Add-on for Citrix NetScaler

To create an IPFIX input for the Splunk Add-on for Citrix NetScaler, you must first configure your Citrix NetScaler appliance to produce IPFIX data and send it to your collection node.

Configuration for Stream compatibility

Install Splunk Add-on for Stream Wire Data, Splunk App for Stream (splunk_app_stream) and Splunk Add-on for Stream Forwarders (Splunk_TA_stream) and perform the below steps in order to get IPFIX data using the Stream app.

  • Copy citrix.xml from stream_config folder of add-on to below folders:
    • splunk_app_stream/default/vocabularies/
    • Splunk_TA_stream/default/vocabularies/
  • Copy content of netflow file from stream_config folder of add-on and paste it inside the fields list of splunk_app_stream/default/streams/netflow file
  • Copy streamfwd.conf from stream_config folder of add-on to Splunk_TA_stream/local
  • Change streamfwd.conf like below:
    • [streamfwd]
ipAddr = 127.0.0.1
httpEventCollectorToken = f2060850-973b-4743-8d85-d5e89ccc28fd
processingThreads = 4
netflowReceiver.0.ip = 0.0.0.0
netflowReceiver.0.port = 4739
netflowReceiver.0.decoder = netflow
Last modified on 21 December, 2023
PREVIOUS
Configure NITRO API inputs for the Splunk Add-on for Citrix NetScaler 		  NEXT
Configure syslog inputs for the Splunk Add-on for NetScaler

This documentation applies to the following versions of Splunk® Supported Add-ons: released

Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters