I am trying to get IPFIX data indexed into Splunk.
I am on a clustered environment with 4 Indexers.
I am following the guide below on setting up AppFlow and sending it over to a specific port (5514):
https://media.plixer.com/resources/configs/Citrix-Netscaler-AppFlow-Configuration-Guide.pdf
I currently have a load balancer (1.1.1.1), and behind it are two Syslog-NG servers (on which I have installed a Heavy Forwarder, which just monitors directories and sends them over to be indexed).
Can I go ahead and set up AppFlow to point to the load balancer on a specific port (5514)? Will its output be a log file?
Will the two Heavy Forwarders be where I would install the Splunk Add-on for IPFIX and configure it to listen on 5514?
OR
Should I install IPFIX onto a Search Head, with the Splunk Add-on for Netscaler Citrix installed along with the IPFIX?