All Apps and Add-ons

App for A10 Networks



Anyone have experienced any issus with the App for A10 Networks, more precisely with SLB?

I have been using the Aflex default file on my A10 Load Balancer, distributed with the APP, but some values on dashboards appears completely out of order and without any context.

I believe that the problem is related with the form that the Aflex format the string for logging.

// Format strings for logging
set log_str "$date_time_request $c_ip $s_ip $s_port $cs_method $cs_uri_stem $cs_uri_query $n_ip $n_port $sc_status $sc_bytes $cs_bytes $final_time_taken $cs_useragent $cs_referer"

Any Tip?



0 Karma

New Member

Our dashboards were logging the time stamps as IP addresses. To resolve the issue we changed the props file extraction to EXTRACT-time to {8} from {6} then changed the other EXTRACT fields so they were higher than the previous EXTRACT {} field.

New props.

EXTRACT-date = (?i)logging_w3c:(?P[^ ]+)
EXTRACT-time = (?i)^(?:[^ ]* ){8}(?P[^ ]+)
EXTRACT-c_ip = (?i)^(?:[^ ]* ){9}(?P[^ ]+)
EXTRACT-s_ip = (?i)^(?:[^ ]* ){10}(?P[^ ]+)
EXTRACT-s_port = (?i)^(?:[^ ]* ){11}(?P[^ ]+)
EXTRACT-cs_method = (?i)^(?:[^ ]* ){12}(?P[^ ]+)
EXTRACT-cs_uri_stem = (?i)^(?:[^ ]* ){13}(?P[^ ]+)
EXTRACT-cs_uri_query = (?i)^(?:[^ ]* ){14}(?P[^ ]+)
EXTRACT-n_ip = (?i)^(?:[^ ]* ){15}(?P[^ ]+)
EXTRACT-n_port = (?i)^(?:[^ ]* ){16}(?P[^ ]+)
EXTRACT-sc_status = (?i)^(?:[^ ]* ){17}(?P[^ ]+)
EXTRACT-sc_bytes = (?i)^(?:[^ ]* ){18}(?P[^ ]+)
EXTRACT-cs_bytes = (?i)^(?:[^ ]* ){19}(?P[^ ]+)
EXTRACT-final_time_taken = (?i)^(?:[^ ]* ){20}(?P[^ ]+)
EXTRACT-cs_useragent = (?i)^(?:[^ ]* ){21}(?P[^ ]+)
EXTRACT-cs_referer = (?i)^(?:[^ ]* ){22}(?P[^ ]+)

0 Karma
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...