Skip to content

Configure IPFIX inputs for the Splunk Add-on for Citrix NetScaler

To create an IPFIX input for the Splunk Add-on for Citrix NetScaler, you must first configure your Citrix NetScaler appliance to produce IPFIX data and send it to your collection node.

Configuration for Stream compatibility

Install Splunk Add-on for Stream Wire Data, Splunk App for Stream (splunk_app_stream) and Splunk Add-on for Stream Forwarders (Splunk_TA_stream) and perform the following steps in order to get IPFIX data using the Stream app.

  1. Copy citrix.xml from the stream_config folder of the add-on to the following folders:

    • splunk_app_stream/default/vocabularies/
    • Splunk_TA_stream/default/vocabularies/

  2. Copy the content of the netflow file from the stream_config folder of the add-on and paste it inside the fields list of splunk_app_stream/default/streams/netflow.

  3. Copy streamfwd.conf from the stream_config folder of the add-on to Splunk_TA_stream/local.

  4. Change streamfwd.conf as follows:

    [streamfwd]
ipAddr = 127.0.0.1
httpEventCollectorToken = f2060850-973b-4743-8d85-d5e89ccc28fd
processingThreads = 4
netflowReceiver.0.ip = 0.0.0.0
netflowReceiver.0.port = 4739
netflowReceiver.0.decoder = netflow