All Apps and Add-ons
Highlighted

Does "F5 Networks - Analytics " work on Splunk 7.1.2?

Motivator

Does "F5 Networks - Analytics " work on Splunk 7.1.2? We are trying it, but the scheduled searches and data models do not work.

0 Karma
Highlighted

Re: Does "F5 Networks - Analytics " work on Splunk 7.1.2?

hi @lycollicott,

Could you give us a little more information on the searches and data models you tried? Your question has a better chance of being answered the more context you provide.

Thanks for posting!

0 Karma
Highlighted

Re: Does "F5 Networks - Analytics " work on Splunk 7.1.2?

Motivator

The first thing we noticed was that “F5 Dropdown Lookup Generator” never produced any results:

| tstats count, max(_time) as latest from datamodel=dropdown by host,all.tenant,all.facility,all.app,all.devicegroup
| rename all.* AS *
| outputlookup f5_dropdown_lookup.csv

“dropdown” and all of the other datamodels have zero events.

That is a result of not having the sources "bigip.objectmodel.virtual" or "bigip.objectmodel.wideip".

The only source in the f5-default index is “bigip.syslog”, so that accounts for the failing data models.

0 Karma
Highlighted

Re: Does "F5 Networks - Analytics " work on Splunk 7.1.2?

@lycollicott ,

Were you able to ever figure this out? I also am running 7.1.2 and I am getting SYSLOG data from F5 but no additional data and nothing shows up in the latest v1.0 of this F5 Module.

0 Karma
Highlighted

Re: Does "F5 Networks - Analytics " work on Splunk 7.1.2?

Motivator

No. We eventually gave up on it.

0 Karma
Highlighted

Re: Does "F5 Networks - Analytics " work on Splunk 7.1.2?

Builder

Did you set up logging on the F5 using the iapp and http event collector? Ref: https://www.f5.com/pdf/deployment-guides/f5-analytics-dg.pdf

0 Karma
Highlighted

Re: Does "F5 Networks - Analytics " work on Splunk 7.1.2?

Yea, I have the iApp setup, and the Event Collector, but how do I tell if I've received anything in from the HTTP Event Collector?

Does anyone know of any setup guides fro this F5 app for splunk, I have all the documentation in the WORLD for F5 but nothing for this app...

I have data coming in to the Index, but only from the bigip.syslog Source, no other sources.

I assigned the Analytics Profile to all Virtual Servers, but i'm not seeing any additional data, and F5 support is RTFM lol....

0 Karma
Highlighted

Re: Does "F5 Networks - Analytics " work on Splunk 7.1.2?

Builder

Well, I had this setup using the same document I referenced and it worked for me. Although I do not use the analytics iapp as the 50 or so datamodels it enabled was a big strain on our indexer layer.

Would you check your eventcollector layer logs if you see any errors w.r.t to the token that you use for f5 logs? Did you define any custom index for the logs? Is the token configured to write to all indexes that the iapp sends data to?

0 Karma
Highlighted

Re: Does "F5 Networks - Analytics " work on Splunk 7.1.2?

So I found I had to use the v3.7.2RC5 version of the F5 Analytics iApp to work in Splunk 7.1.2.

When I didn't use that version of the Analytics tool, I only received syslog events. Now i'm getting data, but i'm noticing some panels on the application portion of the Splunk module are not populating, when i look at the search queries for the panel, they say "UNDEFINED" so not sure why its doing this.

I also had to add the F5 Analytics to every Virtual Server like some one suggested, but the Splunk App still seems broken.

0 Karma
Highlighted

Re: Does "F5 Networks - Analytics " work on Splunk 7.1.2?

Influencer

The Version on splunk base should be compatible up to 7.2. maybe its newer than the version you tried?

https://splunkbase.splunk.com/app/3161/

0 Karma
Speak Up for Splunk Careers!

We want to better understand the impact Splunk experience and expertise has has on individuals' careers, and help highlight the growing demand for Splunk skills.