Is anyone successfully using the "Splunk for F5 Networks" app on Splunk 6.1? If so, would you be kind enough to share how to set it up?
I've installed this app on my search head and my forwarder. My network administrator configured the F5 according to the instructions in the app and has the syslog data forwarding to my Splunk forwarder. I can see the log files in the F5 index in Splunk. However, nothing appears in the "Splunk for F5 Networks" dashboards when I open it.
My knowledge of Splunk is limited. I only see a sourcetype of syslog in my F5 index. It looks like the app is expecting a sourcetype of syslog and then transforms it to one of F5:AFM:Syslog, F5:iRule:WebAccess, or F5:LTM:Syslog. Is this correct? If so, do I need a heavy forwarder for such a transformation to occur?
I'm unsure of how I would debug this problem. I would appreciate any guidance.
Hi, I also have the same issue as user vqd361. All data is coming in as syslog. I assumed that it was an issue with the format of the latest F5 LTM TMOS firmware 11.6 and that the 1.1 version of the app needed fixing. (I must admit, though, that I haven't had a chance to have a detailed look at the formats yet.)
I'm logged in as the Admin user and I (perhaps wrongly as I'm also new to Splunk) assumed that I would have access to everything.
I've had a look at the roles that are available and I cannot see any F5 specific roles.
Can you check if your username has the right role to view the F5 index? Go to Access -> Roles, click on the role your username has, and then check if there is an F5-specific role in there that you need to add to your role.