Splunk Citrix Event Visualization

DDC Service Status Splunk Query

Here are the Splunk queries that I use to to find the status of each Citrix XenDesktop service that runs on each DDC server. It is really useful to find all services but with these Splunk queries are break out each XenDesktop service into its own query so you can slice and dice depending on what you are looking for. It speeds things up in Splunk if you can narrow the amount of data you pull in the first place.

DDC Service Status Splunk Query

index=”windows” eventtype=hostmon_windows Type=Service host=”*” Name=”CitrixAdIdentityService ” StartMode=”Auto” State=”*” | dedup host | sort host, State | table host, State

index=”windows” eventtype=hostmon_windows Type=Service host=”*” Name=”CitrixAnalytics ” StartMode=”Auto” State=”*” | dedup host | sort host, State | table host, State

index=”windows” eventtype=hostmon_windows Type=Service host=”*” Name=”CitrixBrokerService ” StartMode=”Auto” State=”*” | dedup host | sort host, State | table host, State

index=”windows” eventtype=hostmon_windows Type=Service host=”*” Name=”CitrixConfigurationLogging ” StartMode=”Auto” State=”*” | dedup host | sort host, State | table host, State

index=”windows” eventtype=hostmon_windows Type=Service host=”*” Name=”CitrixConfigurationService ” StartMode=”Auto” State=”*” | dedup host | sort host, State | table host, State

index=”windows” eventtype=hostmon_windows Type=Service host=”*” Name=”CitrixDelegatedAdmin ” StartMode=”Auto” State=”*” | dedup host | sort host, State | table host, State

index=”windows” eventtype=hostmon_windows Type=Service host=”*” Name=”CitrixEnvTest ” StartMode=”Auto” State=”*” | dedup host | sort host, State | table host, State

index=”windows” eventtype=hostmon_windows Type=Service host=”*” Name=”CitrixHostService ” StartMode=”Auto” State=”*” | dedup host | sort host, State | table host, State

index=”windows” eventtype=hostmon_windows Type=Service host=”*” Name=”CitrixMachineCreationService ” StartMode=”Auto” State=”*” | dedup host | sort host, State | table host, State

index=”windows” eventtype=hostmon_windows Type=Service host=”*” Name=”CitrixMonitor ” StartMode=”Auto” State=”*” | dedup host | sort host, State | table host, State

index=”windows” eventtype=hostmon_windows Type=Service host=”*” Name=”CitrixPrivilegedService ” StartMode=”Auto” State=”*” | dedup host | sort host, State | table host, State

index=”windows” eventtype=hostmon_windows Type=Service host=”*” Name=”CitrixStorefront ” StartMode=”Auto” State=”*” | dedup host | sort host, State | table host, State


Tagged: , ,


Designing IT solutions for 20 years.


'DDC Service Status Splunk Query' has no comments

Be the first to comment this post!

Leave a Reply

Images are for demo purposes only and are properties of their respective owners. Old Paper by ThunderThemes.net