Content Pack for Monitoring Citrix

Content Pack for Monitoring Citrix

Use the Content Pack for Monitoring Citrix

After you install and configure the Content Pack for Monitoring Citrix, your Service Analyzer should look something like this:


Tune correlation searches

Following the set-up of your environment, you can start creating actionable alerts. The content pack ships with the following enabled correlation searches that detect certain important events in your Citrix apps and infrastructure:

  • Citrix Broker DB Connection Lost
  • Citrix Broker DB Connection Restored
  • Citrix Critical Services
  • Citrix Netscaler Logon Failures
  • Citrix Netscaler Logon Success
  • Citrix Session Disconnect Event
  • Citrix Session Reconnect Event

The correlation searches create notable events in ITSI that you can manage within Episode Review. To access the searches, go to Configure > Correlation Searches. Review and tune each correlation search according to your individual environment. For more information, see Overview of correlation searches in ITSI in the Event Analytics manual.

Group events and create alerts

After you tune the correlation searches, create aggregation policies to group the events into Episodes, and set up action rules to notify the appropriate groups when certain activation criteria are met. For an overview of the entire Event Analytics workflow, beginning with notable events and ending with actionable alerts, see Overview of Event Analytics in ITSI.

Last modified on 19 August, 2022
Install and configure the Content Pack for Monitoring Citrix   Upgrade from a previous version of the Content Pack for Monitoring Citrix

This documentation applies to the following versions of Content Pack for Monitoring Citrix: 1.0.3

Was this topic useful?

You must be logged into in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters