Re: Splunk for F5 Access

hikumaran · ‎03-19-2014

Hi Support,

I am running Splunk Enterprise 6.0.2 in Windows Server 2012. i need to get syslogs from F5. i have installed the "Splunk for F5 Access" app. after installed i have rebooted the server. i didn;t see any logs...

Also i have checked this Document
http://answers.splunk.com/answers/110897/splunk-for-f5-access

how do i edit the file(in the web)? where can i do(in the web/command line)?

Please help me

Thanks

hikumaran · ‎03-20-2014

when i query the log in splunk (compare the log with F5)

source="udp:514" Operation not supported. Multiple*

i see the logs in splunk

how do i configure/get data to Splunk for F5 Access App?

hikumaran · ‎03-20-2014

Yes i am getting several logs.... we have enabled logs from our firewall & F5. so i wanted to separate them. if i run sourcetype=syslog or source="udp:514" i get both device logs... how can i separate the logs?

dmaislin_splunk · ‎03-20-2014

Please run the search:

sourcetype=syslog

I want to know if you are getting any syslog data in Splunk.

hikumaran · ‎03-20-2014

yes i add UDP 514 to receive data

dmaislin_splunk · ‎03-20-2014

Did you add the UDP data input on port 514 and set the sourcetype to syslog in the Manager UI of the Splunk indexer?

sdaniels · ‎03-20-2014

So you have F5 devices sending syslog to the Splunk server on port 514? Can you verify that the syslog is getting to the actual server using windump or something similar?

Splunk for F5 Access

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

How to find the worst searches in your Splunk environment and how to fix them

Share Your Feedback: On Admin Config Service (ACS)!

Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon

Join the Conversation