Getting Data In

F5 index not properly captured

Engager

How to check if f5 logs are getting into Splunk properly?

Tags (2)

Splunk Employee
Splunk Employee

I am not sure if you are referring to a Splunk for F5 Security, but, I am having some problems related to the extractions done by this app. I followed all the steps available on pdf which came with the app (that once named Creating-a-logging-profile-for-Splunk) and I noticed that when a fields is extracted, it is being extracted field_name=value, not just the field's value. It is being a problem to filter data because the website names into the combo boxes are being extracted the same way either. I wonder if there are additional configs to generate event logs which are not part of that available doc.

Someone having similar problems, I say, related with extractions done by this app?

Thanks for any help.

0 Karma

Motivator

what does 'properly' mean? are you seeing the events in the index? have you tried searching for something you know should be in the events, over all time?

0 Karma
Don’t Miss Global Splunk
User Groups Week!

Free LIVE events worldwide 2/8-2/12
Connect, learn, and collect rad prizes
and swag!