Splunk® Content Packs for ITSI and IT Essentials Work


Data requirements for the Content Pack for Monitoring Citrix

The Content Pack for Monitoring Citrix requires that you install several Citrix add-ons to collect and send data to your Splunk deployment. The following diagram describes where to install each add-on:

[Diagram: CitrixData.png]

Install the Splunk Add-on for Microsoft IIS

Download the Splunk Add-on for Microsoft IIS from Splunkbase. The add-on allows a Splunk software administrator to collect Web site activity data in the W3C log file format from Microsoft IIS servers. For detailed installation instructions, see Install the Splunk Add-on for Microsoft IIS.

Adjust StoreFront KV setup

StoreFront doesn't follow the same naming convention as the default IIS logs. You have to modify the formatting of the defined transform in order for StoreFront IIS data to use the appropriate field list.

  1. Within ITSI, go to Settings > Fields > Field transformations.
  2. Change the app context to Splunk Add-on for Microsoft IIS.
  3. Open auto_kv_for_iis_default, which is the only transform that comes with the IIS add-on.
  4. The field list for the transform is the default listing for Internet Information Services (IIS) log types. Change the field list to the following so that the StoreFront logs parse properly:
    date time s-sitename s-computername s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs-version cs(User-Agent) cs(Cookie) cs(Referer) cs-host sc-status sc-substatus sc-win32-status sc-bytes cs-bytes time-taken
  5. Click Save.

This change might have downstream effects, such as breaking other data sources so that other IIS logs no longer parse properly.
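
A pre-change check for the caveat above, as an added example that is not part of the Splunk documentation: it compares the `#Fields:` directive that IIS writes at the top of a W3C log with the StoreFront field list from step 4, and shows how a log with a different layout gets its values assigned to the wrong field names. It assumes the transform splits events on spaces and assigns names by position; the function names and sample log lines are constructed for illustration.

```python
from itertools import zip_longest

# Field list from step 4 of the procedure above.
STOREFRONT_FIELDS = (
    "date time s-sitename s-computername s-ip cs-method cs-uri-stem "
    "cs-uri-query s-port cs-username c-ip cs-version cs(User-Agent) "
    "cs(Cookie) cs(Referer) cs-host sc-status sc-substatus sc-win32-status "
    "sc-bytes cs-bytes time-taken"
).split()

# Constructed sample: another IIS site that logs a shorter field selection.
OTHER_IIS_LOG = [
    "#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port "
    "cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus "
    "sc-win32-status time-taken",
    "2021-06-29 10:15:03 10.0.0.20 GET /index.html - 80 - 10.0.0.56 "
    "Mozilla/5.0 - 404 0 2 15",
]

# Constructed sample: a StoreFront log whose header matches step 4.
STOREFRONT_LOG = [
    "#Fields: " + " ".join(STOREFRONT_FIELDS),
    "2021-06-29 10:15:02 W3SVC1 SF01 10.0.0.10 POST /Citrix/StoreWeb/Home - "
    "443 - 10.0.0.55 HTTP/1.1 Mozilla/5.0 - - sf.example.test 200 0 0 1432 512 31",
]

def header_fields(lines):
    """Return the names from the last '#Fields:' directive, or None if absent."""
    found = None
    for line in lines:
        if line.startswith("#Fields:"):
            found = line[len("#Fields:"):].split()
    return found

def mismatches(lines, expected=STOREFRONT_FIELDS):
    """List (position, expected, actual) where the log header and transform differ."""
    actual = header_fields(lines) or []
    pairs = enumerate(zip_longest(expected, actual), start=1)
    return [(pos, exp, act) for pos, (exp, act) in pairs if exp != act]

def extract(line, fields=STOREFRONT_FIELDS):
    """Positional, space-delimited extraction (assumed transform behaviour)."""
    return dict(zip(fields, line.split()))

if __name__ == "__main__":
    for name, log in (("storefront", STOREFRONT_LOG), ("other", OTHER_IIS_LOG)):
        print(name, mismatches(log)[:3] or "OK", extract(log[-1]).get("c-ip"))
```

An empty result from `mismatches` means the source is safe to parse with the modified transform; any other source is one whose client IP, user name and status fields would be wrong after the change.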

Install the Template for Citrix XenDesktop 7

Download the Template for Citrix XenDesktop 7 from Splunkbase. The add-on contains the knowledge objects and index creation required to start collecting Citrix data. If you're in a distributed environment, you need to deploy some components to your indexers and some to the search heads, because the add-on creates indexes. Alternatively, you can create those indexes manually. For detailed installation instructions, see Template for Citrix XenDesktop 7 Installation on GitHub.

Install the Splunk Add-on for Citrix NetScaler

Download the Splunk Add-on for Citrix NetScaler from Splunkbase. The add-on handles the sourcetypes for NetScaler Syslog data. For installation instructions, see Install the Splunk Add-on for Citrix NetScaler.

Last modified on 29 June, 2021

This documentation applies to the following versions of Splunk® Content Packs for ITSI and IT Essentials Work: current

