- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- XenDesktop -> user experience -> no session inform...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi.
I've got some problems with the Splunk App for Citrix XenDesktop.
We install the universal forwarders and the needed addons, but there are no information about the session data.
For example, the search for the session counters did not match any events:
search index=xendesktop sourcetype=vdi:xendesktop:*:icasession InputSessionBandwidth OutputSessionBandwidth LatencySessionAverage InputSessionCompression OutputSessionCompression UserName!="" user!="_Server Total" [search index=xendesktop sourcetype=vdi:xendesktop:*:session user="xxx" | stats first(vm_name) as vm_name by user | head 1 | fields + vm_name user ] | eval SessionBandwidth=InputSessionBandwidth+OutputSessionBandwidth | timechart span=1m max(SessionBandwidth) as MaxSessionBandwidth min(SessionBandwidth) as MinSessionBandwidth median(SessionBandwidth) as "AvgSessionBandwidth" Max(LatencySessionAverage) as "LatencySessionAverage" | eval AvgSessionBandwidth = round(AvgSessionBandwidth,2) | sort - _time
I think there is a problem with the syntax or the return values of:
[search index=xendesktop sourcetype=vdi:xendesktop:*:session user="xxx" | stats first(vm_name) as vm_name by user | head 1 | fields + vm_name user ]
But I can't fix it...
Thanks,
Dominic
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Did you rebuild the Desktop Lookup Table? You will find it under the reports under Virtual Desktop Lookup.
Also... if you using a shared image you need to make sure to have startup script that changes the hostname.
Something like this
@echo off
C:\"Program Files"\splunkuniversalforwarder\bin\splunk.exe cmd btool.exe --user=nobody --app=system server delete general guid
C:\"Program Files"\splunkuniversalforwarder\bin\splunk.exe cmd splunkd rest POST /services/server/settings/settings host=%COMPUTERNAME%
C:\"Program Files"\splunkuniversalforwarder\bin\splunk.exe cmd splunkd rest POST /services/server/settings/settings serverName=%COMPUTERNAME%
C:\"Program Files"\splunkuniversalforwarder\bin\splunk.exe start
NOTE: If this is done on a PVS image or other distributed image please make sure the Splunk Services startup is set to manual.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Did you rebuild the Desktop Lookup Table? You will find it under the reports under Virtual Desktop Lookup.
Also... if you using a shared image you need to make sure to have startup script that changes the hostname.
Something like this
@echo off
C:\"Program Files"\splunkuniversalforwarder\bin\splunk.exe cmd btool.exe --user=nobody --app=system server delete general guid
C:\"Program Files"\splunkuniversalforwarder\bin\splunk.exe cmd splunkd rest POST /services/server/settings/settings host=%COMPUTERNAME%
C:\"Program Files"\splunkuniversalforwarder\bin\splunk.exe cmd splunkd rest POST /services/server/settings/settings serverName=%COMPUTERNAME%
C:\"Program Files"\splunkuniversalforwarder\bin\splunk.exe start
NOTE: If this is done on a PVS image or other distributed image please make sure the Splunk Services startup is set to manual.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
i have updated the Splunk App for XenDesktop docs to include this information:
http://docs.splunk.com/Documentation/XenDT/2.0/DeployXenDT/InstalltheuniversalforwarderontheVDAs#Usi...
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Okay... now I think it is a problem with the hostname of the client. Every event from the provisioned client is marked with the hostname of the golden master client.
The splunkd logfile from the UF says:
06-11-2012 15:50:16.080 +0200 INFO ServerConfig - My GUID is "53C7B763-37D3-45B9-92DA-84036B8A0B76".
06-11-2012 15:50:16.080 +0200 INFO ServerConfig - My server name is "golden master name".
06-11-2012 15:50:16.080 +0200 INFO ServerConfig - My hostname is "client name".
Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!
They're back! Join the SplunkTrust and MVP at .conf24
Enterprise Security Content Update (ESCU) | New Releases
