All Apps and Add-ons

cannot see sourcetype=f5:bigip:asm:syslog logs explicitly

gchauhan
Engager

Hello Friends 
I am facing issues that may be caused by input.conf but I am not able to get bottom of the problem
when I search index=network "*f5*"

in which 2 types of sourcetype are coming 
f5:bigip:syslog
f5:bigip:asm:syslog

and certain event count against each sourcetype

when search index=network and sourcetype="*f5*", 

then under index=network
f5:bigip:ltm:tcl:error
f5:bigip:syslog

and certain event count against each sourcetype

but when I put index=network sourcetype="f5:bigip:asm:syslog"
no events is found

I am collecting the data from f5 on a server (HF) and collecting the data on indexer from HF. Add on are installed but I am not sure whether its configured.

Input.conf contains entry for f5:bigip:syslog

can someone please help

Regards
Gaurav
@prakash007 
@renjith_nair 
@jbsplunk 

Labels (3)
Tags (2)
0 Karma
Get Updates on the Splunk Community!

Splunk is Nurturing Tomorrow’s Cybersecurity Leaders Today

Meet Carol Wright. She leads the Splunk Academic Alliance program at Splunk. The Splunk Academic Alliance ...

Part 2: A Guide to Maximizing Splunk IT Service Intelligence

Welcome to the second segment of our guide. In Part 1, we covered the essentials of getting started with ITSI ...

Part 1: A Guide to Maximizing Splunk IT Service Intelligence

As modern IT environments continue to grow in complexity and speed, the ability to efficiently manage and ...