All Apps and Add-ons

Why Splunk Add on for F5 BIG IP doesn't separate sourcetypes?


Hello everyone, 

I am working right now to collect logs from F5 BIG-IP. I have a distributed Splunk Infrastructure: Heavy Forwarder, Indexer & Search Head. I installed the Splunk Add-on for F5 BIG-IP in the Search Head and Heavy Forwarer instances as recommended in Splunk documentation here: 

Then, i discovered that Splunk Add-on for F5 BIG-IP is not separating sourcetypes as expected !!! 

Also, maybe the last version of the Add-on for F5 BIG-IP (4.0.1) doesn't work with the version 16.0.0 of my F5 firewall. I read that somewhere ... But i am not sure about it! 

Anyone have an idea please? Or, when the Add-On will be updated to support it. 

PS : I'am working with Splunk Entreprise v8.0.4

Labels (2)
0 Karma

New Member

@badr_boukari  I am also facing same issue. Have you fixed this? 

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In the last month, the Splunk Threat Research Team (STRT) has had 2 releases of new security content via the ...

Announcing the 1st Round Champion’s Tribute Winners of the Great Resilience Quest

We are happy to announce the 20 lucky questers who are selected to be the first round of Champion's Tribute ...

We’ve Got Education Validation!

Are you feeling it? All the career-boosting benefits of up-skilling with Splunk? It’s not just a feeling, it's ...