Splunk Query for Citrix PVS Services


If you have Citrix XenDesktop in your environment, you might be using PVS Server. Citrix PVS Server is a great way to decrease operational maintenance and VM density in your virtual environment. In case you want to use Splunk to analyze the data about your PVS environment, here are the queries that I use. They are not tied to specific hosts (host="*"), so each one dynamically builds the list for you based on the PVS services that are running on each host in your environment.

index="windows" eventtype=hostmon_windows Type=Service host="*" Name="CdfSvc" StartMode="Auto" State="*" | dedup host | sort host, State | table host, State

index="windows" eventtype=hostmon_windows Type=Service host="*" Name="ComTradeMPPVSAgent" StartMode="Auto" State="*" | dedup host | sort host, State | table host, State

index="windows" eventtype=hostmon_windows Type=Service host="*" Name="BNBOOTP" StartMode="Auto" State="*" | dedup host | sort host, State | table host, State

index="windows" eventtype=hostmon_windows Type=Service host="*" Name="BNPXE" StartMode="Auto" State="*" | dedup host | sort host, State | table host, State

index="windows" eventtype=hostmon_windows Type=Service host="*" Name="BNAbs" StartMode="Auto" State="*" | dedup host | sort host, State | table host, State

index="windows" eventtype=hostmon_windows Type=Service host="*" Name="soapserver" StartMode="Auto" State="*" | dedup host | sort host, State | table host, State

index="windows" eventtype=hostmon_windows Type=Service host="*" Name="StreamService" StartMode="Auto" State="*" | dedup host | sort host, State | table host, State

index="windows" eventtype=hostmon_windows Type=Service host="*" Name="BNTFTP" StartMode="Auto" State="*" | dedup host | sort host, State | table host, State

index="windows" eventtype=hostmon_windows Type=Service host="*" Name="PVSTSB" StartMode="Auto" State="*" | dedup host | sort host, State | table host, State
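The nine per-service searches above can also be combined into one search that lists only the auto-start PVS services whose most recent reported state is not running, which suits a scheduled alert. This is an added example, not one of the author's queries; it reuses the index, eventtype and field names from the queries above and assumes the service monitor reports a healthy service as State="Running". The last_seen field is a name introduced here for illustration.

```spl
index="windows" eventtype=hostmon_windows Type=Service StartMode="Auto"
    Name IN ("CdfSvc", "ComTradeMPPVSAgent", "BNBOOTP", "BNPXE", "BNAbs", "soapserver", "StreamService", "BNTFTP", "PVSTSB")
| stats latest(State) AS State, latest(_time) AS last_seen BY host, Name
| where State!="Running"
| convert ctime(last_seen)
| sort host, Name
| table host, Name, State, last_seen
```

Because the results are grouped by host and Name, a host appears once per affected service instead of once overall, so a stopped StreamService is not hidden by a running BNPXE on the same server.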

Author: Logan Bingham

Designing IT solutions for 20 years.
