Splunk for LTM

Question

Hi,&nbsp;
I am just trying to prepare my Viprion Guest (12.1.1) for a splunk connection (LTM only).&nbsp;
I am following these instructions: &nbsp;
Since the instructions are not very detailed, I have a few questions:&nbsp;&nbsp;
"Follow the F5 documentation on how to configure remote logging, using the IP address of your Splunk server and 9514 as the port for UDP and 9515 as the port for TCP."&nbsp;
Do I have to set up a Standard HSL, just with the Splunk format? Where do I differ between TCP and UDP?
&nbsp;&nbsp;
Copy the iRule data provided in the iRule_http example in the table below into the definition section for the new iRule. Configure a virtual server to reference the iRule. This is the local virtual server in the BIG-IP system from which you want to send traffic events to the Splunk platform.&nbsp;
What kind of virtual server do I have to configure? Or do I have to connect the iRule to any virtual server I am using on this guest?
&nbsp;&nbsp;
Any further informations or papers regarding splunk on the BigIP would be appreciated. &nbsp;
Cheers,&nbsp;
Thorsten&nbsp;

adityoari_14383 · Answer

If you only want to send default BIG-IP event logs to the Splunk, a Splunk-formatted Log Destination will format the logs for you. &nbsp;
The iRule on the linked page is a sample for when you want to send logs to Splunk for custom events, and that iRule does the formatting inline, so you can use an unformatted Log Destination. &nbsp;

Forum Discussion

Splunk for LTM

1 Reply

Recent Discussions

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Reverse Proxy Not Behaving

Stable Firmware for F5

Related Content

Setting up F5 Telemetry Streaming with Splunk Cloud

How I did it - "Visualizing Data with F5 TS and Splunk"

Splunk syslog loadbalancing

Getting Started with Splunk for F5

Need iRule for logging all LDAPS requests to HSL Splunk