icon/x Created with Sketch.

Splunk Cookie Policy

We use our own and third-party cookies to provide you with a great online experience. We also use these cookies to improve our products and services, support our marketing campaigns, and advertise to you on our website and other websites. Some cookies may continue to collect information after you have left our website. Learn more (including how to update your settings) here.
Accept Cookie Policy

We are working on something new...

A Fresh New Splunkbase
We are designing a New Splunkbase to improve search and discoverability of apps. Check out our new and improved features like Categories and Collections. New Splunkbase is currently in preview mode, as it is under active development. We welcome you to navigate New Splunkbase and give us feedback.
Log4Shell Vulnerability: Information and guidance for you. Get resources.

Accept License Agreements

This app is provided by a third party and your right to use the app is in accordance with the license provided by that third-party licensor. Splunk is not responsible for any third-party apps and does not provide any warranty or support. If you have any questions, complaints or claims with respect to this app, please contact the licensor directly.

Thank You

Downloading Citrix NetScaler with AppFlow
SHA256 checksum (citrix-netscaler-with-appflow_500.tgz) 91992beb4c1005d4deeb21104ab19b4789081be1c100275b23d14afea37164ff SHA256 checksum (citrix-netscaler-with-appflow_48.tgz) f94dd8be07ef173cce4b6d5fa028090372f9d447f8a588895125290756b11273 SHA256 checksum (citrix-netscaler-with-appflow_47.tgz) 1874815efaa8657b12293ee7e1ae9279088c5cec56c1f2c770523f898ebefd04 SHA256 checksum (citrix-netscaler-with-appflow_464.tgz) 61a84bdb0f84ae759a2360bb850323b6b507d911e3fbeddc5041247da73cf836 SHA256 checksum (citrix-netscaler-with-appflow_463.tgz) d6b8207b744151f5c7507f4406157adb18c63db3e5f0c8cd72e60a023f979af3 SHA256 checksum (citrix-netscaler-with-appflow_462.tgz) a483ada12533f01c8182b78541f1728381fa489f76187db93131fbbda78bcc70 SHA256 checksum (citrix-netscaler-with-appflow_461.tgz) e90246a4c25246753df17451678f6ae918bb66770b756efa053a01cb33262d17 SHA256 checksum (citrix-netscaler-with-appflow_46.tgz) 90345733729b2cf9f5c742e8df5d68a61949cc3e838d416054c3e2b2c8a77c7b SHA256 checksum (citrix-netscaler-with-appflow_45.tgz) 9b50ddca407b676bfb714d8b8d94ca58a3c8d9835fa7bb2e7b4af213c743dd51 SHA256 checksum (citrix-netscaler-with-appflow_44.tgz) 6c3fae0be71e30639da43cd0ada077b07087c8e645f329997c4a1d81204fb04e SHA256 checksum (citrix-netscaler-with-appflow_43.tgz) 615235101ad002bd88c34ec5868408a05788728dbd9735c1d08abbb427595c29 SHA256 checksum (citrix-netscaler-with-appflow_42.tgz) 797fdceef3b15a8f605daae844083f55b416bc642835c4c63c778fd7520f0e92 SHA256 checksum (citrix-netscaler-with-appflow_41.tgz) 49c7818d6a03cda68642cf36163fe21652801aef4d3503b7e1be9dd1e19bb2e1 SHA256 checksum (citrix-netscaler-with-appflow_11.tgz) 69f5f23e4add3636f6ce8b0b93b0d1c2ee17b4347ea1078e930e2360a23879bf SHA256 checksum (citrix-netscaler-with-appflow_10.tgz) 9906bc1ebfcc2bf8fd895771c27a7d86579adc45f6a5bd104208cca290bfc043 SHA256 checksum (citrix-netscaler-with-appflow_00.tgz) 9906bc1ebfcc2bf8fd895771c27a7d86579adc45f6a5bd104208cca290bfc043
To install your download
For instructions specific to your download, click the Details tab after closing this window.

Flag As Inappropriate


Citrix NetScaler with AppFlow

This app has been archived. Learn more about app archiving.
This app is NOT supported by Splunk. Please read about what that means for you here.
The Splunk for Citrix NetScaler app is a set of field extractions, reports, lookups and dashboards which provide visibility into the Citrix NetScaler AppFlow, Application Firewall and VPN data. This app is configured to work with version 9.x of the Citrix NetScaler.

Support for this content

This app is not officially supported by Splunk Support. If you have a current Splunk Enterprise Support entitlement, Splunk will provide best-effort support for cases involving this app directly, but such cases will not be subject to the Splunk Enterprise Support SLA.


The Splunk for Citrix NetScaler app is a set of field extractions, reports, lookups and dashboards which provide visibility into the Citrix NetScaler AppFlow, Application Firewall and VPN data. This app is configured to work with version 9.x of the Citrix NetScaler.

The Splunk App for NetScaler with AppFlow translates binary AppFlow data to time- stamped ASCII text, so Splunk can utilize it and put it in context of all other data in the environment such as custom application log data, logs and metrics data of application components such as web servers, application servers, databases, firewalls, hypervisors and more. With added visibility into NetScaler and Appflow data, systems administrators and application support professionals are able to get central visibility into their entire environment and are able to correctly identify performance bottlenecks that lead to user experience issues. In addition to being able to detect and troubleshoot application performance issues faster, administrators can also visualize baselines, trends and other analytics that can help them plan capacity and make transactions more efficient for a better customer experience.
Splunk’s powerful visualization provides real-time views and role-appropriate dashboards on the state of key application performance and availability metrics. The flexibility and universality of Splunk allows you to put your operational data in a business context to allow richer, more informed business decision making. It also allows you to integrate in non-IT data to provide value added analysis that support the organization’s business objectives.

Splunk App for NetScaler with AppFlow— Dashboards and Reports

The Splunk App for NetScaler with AppFlow contains over 30 reports for situational awareness and dashboards supporting key business and security performance indicators (KPIs). Key reports available include:

HTTP user agent: shows you which platforms are most commonly used to access your web application

Most requested URLs: allows you to prioritize your response time optimization

Source and destination IPs and ports: gives you real time insight into the origins of your traffic

Average transaction times and round trip response times: allows you to monitor end user service levels

Traffic analysis by applications/servers: includes analysis of latencies and bandwidth usage

Load balancing dashboard: provides views of total bytes transferred by source destination and protocol

Web application firewall dashboard: shows violations by type over time, violations by IP address and the URL of the web page attacked.

SSL-VPN dashboard Critical Statistics dashboard: indicates the number of HTTP transactions URI, virtual server, user and host trended over time.

System Audit dashboard: depicts system console events and tracking commands/changes by user.

Reports from Splunk can be downloaded in PDF or Excel format and data ranges are fully supported. Reports can also be scheduled for delivery to individuals as PDFs. The Splunk App for Citrix NetScaler supports core Splunk functionality such as the ability to drill-down into raw log data from graphical elements and robust role-based access control.

Getting Started

For this app to work your Citrix NetScaler data must be extracting fields correctly. The Field Extractions included in this app are configured for the NetScaler v 9.0 and higher.

Upgrading from versions prior to 5.0.x

  1. On your Splunk server, remove the following:
    • $SPLUNK_HOME/etc/apps/Splunk_TA_NSIndexer
    • $SPLUNK_HOME/etc/apps/Splunk_TA_IPFIX_UDP_NIX (if applicable)
    • $SPLUNK_HOME/etc/apps/Splunk_TA_IPFIX_UDP_WIN (if applicable)
  2. Follow the rest of the installation instructions below.
  3. When uploading the installer file, make sure the "Upgrade app" is selected.


  1. Install the separate Splunk Add-on for IPFIX modular input. This input is required to collect AppFlow data.
  2. Click Download on this page. The SplunkforCitrixNetScaler-x.x.x.tar.gz installer file downloads to your computer.
  3. Log into Splunk Web.
  4. Click Apps > Manage Apps.
  5. Click Install App from File.
  6. Upload the SplunkforCitrixNetScaler-x.x.x.tar.gz installer file.
  7. Restart Splunk.

More Information

If you want to query NetScaler data using Data Models, then download and install the Common Information Model app.

Release Notes

Version 5.0.0
Sept. 5, 2014

Support for NetScaler version 10.x
Dashboards converted to Simple XML
Splunk CIM Compliance
Requires separate IPFIX collector http://apps.splunk.com/app/1801/

Version 4.8
Feb. 8, 2013

For this app to work your Citrix NetScaler data must be extracting fields correctly. The Field Extractions included in this app are configured for the NetScaler v 9.

To configure the app please set the sourcetype of your NetScaler logs to ns_log. If your data has already been indexed under a different sourcetype you will need to create a sourcetype alias for ns_log

To install the app, unpack this file into $SPLUNK_HOME/etc/apps and restart.

The indexing portion of this app has been split from the main app. This is found in the /appserver/addons/NS_Indexer directory. Copy that into $SPLUNK_HOME/etc/apps on your indexer and restart

Install videos:

AppFlow Configuration

The configuration file (ipfix.conf) is located in the app's "default" directory, which is $SPLUNK_HOME/etc/apps/Splunk_TA_IPFIX_UDP/default/ipfix.conf . The appflow dashboards and reports rely on the sourcetype=appflow.

Version 4.7
Feb. 20, 2012
  • Update to use JavaScript chart, instead of Flash chart (so now the app supported iOS devices).
Version 4.6.4
Feb. 14, 2012
  • Fixed permissions in default.meta
Version 4.6.3
Feb. 1, 2012
  • Fixed a bug when incoming AppFlow records are incomplete.
  • Added a new field 'templateId' for easily searching records with a specific AppFlow Template ID.
Version 4.6.2
Oct. 17, 2011
  • Fixed bug: Duplicate Application names in AppFlow Traffic Analysis dashboards.
Version 4.6.1
Sept. 8, 2011

Fix bug with the error caused by the python script when parsing appflow traffic.

Version 4.6
Aug. 13, 2011

Fix bug with the lookup table issue.

Version 4.5
Aug. 9, 2011

Add lookup for appID (e.g. Virtual Server name) and minor interface changes.

Version 4.4
Aug. 3, 2011

This release updates the NetScaler Overview dashboard and the AppFlow Security dashboard.

Version 4.3
Aug. 1, 2011

This version includes new dashboards under AppFlow menu and bug fixes.

*** NOTE: There is a bug in Paginator components of AppFlow dashboards. For example, it may show that you have 10 pages of result data, but actually, you have only 1 or 2 pages of the result data, while the rest of the pages are blank. Hopefully, the bug will be fixed by the next version of the app.

Version 4.2
June 28, 2011

Added AppFlow Support
Added support for TCP syslog

Version 4.1
Dec. 7, 2010

created new dashboard schema using time pickers.

Version 1.1
Aug. 25, 2010

Fixed field extraction issue.
Fixed reporting fields issue

Version 1.0
Aug. 16, 2010

Updating file extensions

Version 0.0
Aug. 16, 2010

Subscribe Share

Are you a developer?

As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps from Splunk, our partners and our community. Find an app for most any data source and user need, or simply create your own with help from our developer portal.

Follow Us:
Splunk, Splunk>,Turn Data Into Doing, Data-to-Everything, and D2E are trademarks or registered trademarks of Splunk Inc. in the United States and other countries. All other brand names,product names,or trademarks belong to their respective owners.