All Apps and Add-ons

Splunk for Netscaler

jrod
New Member

I have installed the Splunk for Netscaler app. How do I add my Netscaler device into Splunk?

Tags (1)
0 Karma

rjyetter
Path Finder

You need to configure netscaler to send syslog to a loghost, from there you can can either use splunk or syslog or syslog-ng to capture the logs and forward to Splunk. Our current set up is the web logs are processed in real time for forensics and then FTP'd nightly to a server where Splunk consumes it. I guess it is all a matter of preference. HTH

0 Karma

splunkn
Communicator

Is it possible to have the Netscaler send directly to Splunk? I'd prefer that metod if possible as I've currently have our Netscaler setup to send ns_log direclty to Splunk but I'm not seeing any data.

nse
Explorer

You need to have splunk set up to index your logs from your NetScaler device.

To configure the app set the sourcetype of your NetScaler logs to ns_log. If your data has already been indexed under a different sourcetype you will need to create a sourcetype alias for ns_log.

0 Karma

nse
Explorer

Yes, if the logs are on a different machine than the indexer you'll have to set up forwarding or some other solution.

0 Karma

jrod
New Member

Is this set up in "Data Inputs"?

0 Karma
Get Updates on the Splunk Community!

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...

Introducing Splunk Enterprise 9.2

WATCH HERE! Watch this Tech Talk to learn about the latest features and enhancements shipped in the new Splunk ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...