DDC Service Status Splunk Query

Here are the Splunk queries that I use to to find the status of each Citrix XenDesktop service that runs on each DDC server. It is really useful to find all services but with these Splunk queries are break out each XenDesktop service into its own query so you can slice and dice depending on what you are looking for. It speeds things up in Splunk if you can narrow the amount of data you pull in the first place.

DDC Service Status Splunk Query

index=”windows” eventtype=hostmon_windows Type=Service host=”*” Name=”CitrixAdIdentityService ” StartMode=”Auto” State=”*” | dedup host | sort host, State | table host, State

index=”windows” eventtype=hostmon_windows Type=Service host=”*” Name=”CitrixAnalytics ” StartMode=”Auto” State=”*” | dedup host | sort host, State | table host, State

index=”windows” eventtype=hostmon_windows Type=Service host=”*” Name=”CitrixBrokerService ” StartMode=”Auto” State=”*” | dedup host | sort host, State | table host, State

index=”windows” eventtype=hostmon_windows Type=Service host=”*” Name=”CitrixConfigurationLogging ” StartMode=”Auto” State=”*” | dedup host | sort host, State | table host, State

index=”windows” eventtype=hostmon_windows Type=Service host=”*” Name=”CitrixConfigurationService ” StartMode=”Auto” State=”*” | dedup host | sort host, State | table host, State

index=”windows” eventtype=hostmon_windows Type=Service host=”*” Name=”CitrixDelegatedAdmin ” StartMode=”Auto” State=”*” | dedup host | sort host, State | table host, State

index=”windows” eventtype=hostmon_windows Type=Service host=”*” Name=”CitrixEnvTest ” StartMode=”Auto” State=”*” | dedup host | sort host, State | table host, State

index=”windows” eventtype=hostmon_windows Type=Service host=”*” Name=”CitrixHostService ” StartMode=”Auto” State=”*” | dedup host | sort host, State | table host, State

index=”windows” eventtype=hostmon_windows Type=Service host=”*” Name=”CitrixMachineCreationService ” StartMode=”Auto” State=”*” | dedup host | sort host, State | table host, State

index=”windows” eventtype=hostmon_windows Type=Service host=”*” Name=”CitrixMonitor ” StartMode=”Auto” State=”*” | dedup host | sort host, State | table host, State

index=”windows” eventtype=hostmon_windows Type=Service host=”*” Name=”CitrixPrivilegedService ” StartMode=”Auto” State=”*” | dedup host | sort host, State | table host, State

index=”windows” eventtype=hostmon_windows Type=Service host=”*” Name=”CitrixStorefront ” StartMode=”Auto” State=”*” | dedup host | sort host, State | table host, State