happynfocus_245
Feb 04, 2016Nimbostratus
F5 ASM Splunk: source and host attributes have wrong data
I configured F5 ASM sending the alerts to splunk. At first I did not install any addons, and realized the logs are weird, and the source and host attributes have wrong data. The "host" attribute has the value "tcp:1514"
I then search the Splunk Apps and installed "Splunk Add-on for F5 BIG-IP." But even I launched "Splunk for F5 Security" to do the searching, it is the same result.
Any ideas? Thanks and really appreciate it!!