All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to configure Splunk for F5 Networks for Splunk 6.1? Dashboards are not populating data.

vqd361
Path Finder
‎09-25-2014 06:33 PM

Is anyone successfully using the "Splunk for F5 Networks" app on Splunk 6.1? If so, would you be kind enough to share how to set it up?

I've installed this app on my search head and my forwarder. My network administrator configured the F5 according to the instructions in the app and has the syslog data forwarding to my Splunk forwarder. I can see the log files in the F5 index in Splunk. However, nothing appears in the "Splunk for F5 Networks" dashboards when I open it.

My knowledge of Splunk is limited. I only see a sourcetype of syslog in my F5 index. It looks like the app is expecting a sourcetype of syslog and then transforms it to one of F5:AFM:Syslog, F5:iRule:WebAccess, or F5:LTM:Syslog. Is this correct? If so, do I need a heavy forward for such a transformation to occur?

I'm unsure of how I would debug this problem. I would appreciate any guidance.

Tags (1)
Reply

makingsa
New Member
‎11-20-2014 01:38 AM

Hi, I also have the same issue as user vqd361. All data is coming in as syslog. I assumed that it was an issue with the format of the latest F5 LTM Tmos firmware 11.6 and the 1.1 version of the app needed fixing. (I must admit though that I haven't had a chance to have a detailed look at the formats yet though).

I'm logged in as the Admin user and I (perhaps wrongly as I'm also new to Splunk) assumed that I would have access to everything.

I've had a look at the roles that are available and I cannot see any F5 specific roles.

Any help would be greatly received.

0 Karma
Reply

jdhillon_splunk
Splunk Employee
Splunk Employee
‎10-21-2014 05:24 PM

Can you check if your username has the right role to view the F5 index ? Go to access -> Roles & click on the role your username has & then check if there is a F5 specific role in there that you need to add to your role.,

0 Karma
Reply
Get Updates on the Splunk Community!

Join Us for Splunk University and Get Your Bootcamp Game On!

If you know, you know! Splunk University is the vibe this summer so register today for bootcamps galore ...

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

.conf24 is taking place at The Venetian in Las Vegas from June 11 - 14. Continue reading to learn about the ...

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...