Warning: Creating default object from empty value in /homepages/34/d764921368/htdocs/clickandbuilds/LoganBingham/wp-content/themes/oldpaper/framework/ReduxCore/inc/class.redux_filesystem.php on line 29
Splunk Queries for Citrix XenDesktop Services - Logan Bingham Splunk Queries for Citrix XenDesktop Services - Logan Bingham
Splunk Citrix Query

Splunk Queries for Citrix XenDesktop Services

I developed the following Splunk queries to count how many of each XenDesktop service is running in the Citrix Environment. Each query is based upon the Windows Service name and looks for the Start Mode to be AUTO. It will return a count of the service if the service is running or not. You only want to know the count if the service is running that is an easy change to the ‘State’ field value.

The Citrix EUEM service:

index=”windows” source=”service” eventtype=hostmon_windows Type=”Service” host=”*” Name=”Citrix EUEM” StartMode=”Auto” State=”*”
| dedup host
| chart count(Name) as y

The Citrix Encryption Service:

index=”windows” source=”service” eventtype=hostmon_windows Type=”Service” host=”*” Name=”Citrix Encryption Service” StartMode=”Auto” State=”*”
| dedup host
| chart count(Name) as y

The Citrix Licensing service:

index=”windows” source=”service” eventtype=hostmon_windows Type=”Service” host=”*” Name=”Citrix Licensing” StartMode=”Auto” State=”*”
| dedup host
| chart count(Name) as y

The Citrix Peer Resolution Service:

index=”windows” source=”service” eventtype=hostmon_windows Type=”Service” host=”*” Name=”Citrix Peer Resolution Service” StartMode=”Auto” State=”*”
| dedup host
| chart count(Name) as y

The Citrix AD Identity Service:

index=”windows” source=”service” eventtype=hostmon_windows Type=”Service” host=”*” Name=”CitrixAdIdentityService” StartMode=”Auto” State=”*”
| dedup host
| chart count(Name) as y

The Citrix Analytics service:

index=”windows” source=”service” eventtype=hostmon_windows Type=”Service” host=”*” Name=”CitrixAnalytics” StartMode=”Auto” State=”*”
| dedup host
| chart count(Name) as y

The Citrix Broker Service:

index=”windows” source=”service” eventtype=hostmon_windows Type=”Service” host=”*” Name=”CitrixBrokerService” StartMode=”Auto” State=”*”
| dedup host
| chart count(Name) as y

The Citrix Configuration Logging service:

index=”windows” source=”service” eventtype=hostmon_windows Type=”Service” host=”*” Name=”CitrixConfigurationLogging” StartMode=”Auto” State=”*”
| dedup host
| chart count(Name) as y

The Citrix Configuration Replication service:

index=”windows” source=”service” eventtype=hostmon_windows Type=”Service” host=”*” Name=”CitrixConfigurationReplication” StartMode=”Auto” State=”*”
| dedup host
| chart count(Name) as y

The Citrix Configuration Service:

index=”windows” source=”service” eventtype=hostmon_windows Type=”Service” host=”*” Name=”CitrixConfigurationService” StartMode=”Auto” State=”*”
| dedup host
| chart count(Name) as y

The Citrix Credential Wallet service:

index=”windows” source=”service” eventtype=hostmon_windows Type=”Service” host=”*” Name=”CitrixCredentialWallet” StartMode=”Auto” State=”*”
| dedup host
| chart count(Name) as y

The Citrix CSE Engine service:

index=”windows” source=”service” eventtype=hostmon_windows Type=”Service” host=”*” Name=”CitrixCseEngine” StartMode=”Auto” State=”*”
| dedup host
| chart count(Name) as y

The Citrix Default Domain Service:

index=”windows” source=”service” eventtype=hostmon_windows Type=”Service” host=”*” Name=”CitrixDefaultDomainService” StartMode=”Auto” State=”*”
| dedup host
| chart count(Name) as y

The Citrix Delegated Admin service:

index=”windows” source=”service” eventtype=hostmon_windows Type=”Service” host=”*” Name=”CitrixDelegatedAdmin” StartMode=”Auto” State=”*”
| dedup host
| chart count(Name) as y

The Citrix Environment Test service:

index=”windows” source=”service” eventtype=hostmon_windows Type=”Service” host=”*” Name=”CitrixEnvTest” StartMode=”Auto” State=”*”
| dedup host
| chart count(Name) as y

The Citrix Host Service:

index=”windows” source=”service” eventtype=hostmon_windows Type=”Service” host=”*” Name=”CitrixHostService” StartMode=”Auto” State=”*”
| dedup host
| chart count(Name) as y

The Citrix Machine Creation Service:

index=”windows” source=”service” eventtype=hostmon_windows Type=”Service” host=”*” Name=”CitrixMachineCreationService” StartMode=”Auto” State=”*”
| dedup host
| chart count(Name) as y

The Citrix Monitor service:

index=”windows” source=”service” eventtype=hostmon_windows Type=”Service” host=”*” Name=”CitrixMonitor” StartMode=”Auto” State=”*”
| dedup host
| chart count(Name) as y

The Citrix Privileged Service:

index=”windows” source=”service” eventtype=hostmon_windows Type=”Service” host=”*” Name=”CitrixPrivilegedService” StartMode=”Auto” State=”*”
| dedup host
| chart count(Name) as y

The Citrix Redirector service:

index=”windows” source=”service” eventtype=hostmon_windows Type=”Service” host=”*” Name=”CitrixRedirector” StartMode=”Auto” State=”*”
| dedup host
| chart count(Name) as y

The Citrix Service Monitor service:

index=”windows” source=”service” eventtype=hostmon_windows Type=”Service” host=”*” Name=”CitrixServiceMonitor” StartMode=”Auto” State=”*”
| dedup host
| chart count(Name) as y

The Citrix Storefront service:

index=”windows” source=”service” eventtype=hostmon_windows Type=”Service” host=”*” Name=”CitrixStorefront” StartMode=”Auto” State=”*”
| dedup host
| chart count(Name) as y

The Citrix Subscriptions Store service:

index=”windows” source=”service” eventtype=hostmon_windows Type=”Service” host=”*” Name=”CitrixSubscriptionsStore” StartMode=”Auto” State=”*”
| dedup host
| chart count(Name) as y

The Citrix Telemetry Service:

index=”windows” source=”service” eventtype=hostmon_windows Type=”Service” host=”*” Name=”CitrixTelemetryService” StartMode=”Auto” State=”*”
| dedup host
| chart count(Name) as y

The Citrix Web Services for Licensing service:

index=”windows” source=”service” eventtype=hostmon_windows Type=”Service” host=”*” Name=”CitrixWebServicesforLicensing” StartMode=”Auto” State=”*”
| dedup host
| chart count(Name) as y



Designing IT solutions for 20 years.


'Splunk Queries for Citrix XenDesktop Services' has no comments

Be the first to comment this post!

Leave a Reply

Images are for demo purposes only and are properties of their respective owners. Old Paper by ThunderThemes.net