Splunk® Supported Add-ons

Splunk Add-on for Citrix NetScaler

Configure syslog inputs for the Splunk Add-on for NetScaler

To use Splunk Connect for Syslog to collect Syslog data, see the SC4s documentation.

Splunk recommends using SC4S instead of configuring Splunk to listen for syslog messages directly.



If you want to collect syslog data using the Splunk Add-on for NetScaler, first ensure that you have configured your Citrix NetScaler appliance to produce syslog data.

There are two ways to capture the syslog data from Citrix NetScaler.

1. If you are using a syslog aggregator, create a file monitor input to monitor the file or files generated by the aggregator.

2. Create a UDP input to capture the data sent on the port you have configured in your Citrix NetScaler server.

For information about timestamp processing options for syslog events, see [http://docs.splunk.com/Documentation/AddOns/released/Overview/Syslogandtimestamps Syslog and timestamps] in ''Splunk Add-ons.''

Monitor input

If you are using a syslog aggregator, on the Splunk platform node handling data collection, set up a monitor input to monitor the file or files that are generated and set your source type to citrix:netscaler:syslog. The CIM mapping and dashboard panels are dependent on this source type.

See Monitor files and directories in the Splunk Enterprise Getting Data In manual for information about setting up a monitor input.

UDP input

In the Splunk platform node handling data collection, configure the UDP input to match your configurations in your Citrix NetScaler server and set your source type to citrix:netscaler:syslog. The CIM mapping and dashboard panels are dependent on this source type.

For information on how to configure a Splunk forwarder or single-instance to receive a syslog input, see Get data from TCP and UDP ports in the Getting Data In manual.

Validate data collection

Once you have configured the input, run this search to check that you are ingesting the data that you expect.

sourcetype=citrix:netscaler:syslog

Last modified on 22 July, 2024
Configure IPFIX inputs for the Splunk Add-on for Citrix NetScaler   Troubleshoot the Splunk Add-on for Citrix NetScaler

This documentation applies to the following versions of Splunk® Supported Add-ons: released


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters