Hi Support,
I am running Splunk Enterprise 6.0.2 on Windows Server 2012. I need to get syslogs from F5. I have installed the "Splunk for F5 Access" app. After installing it I rebooted the server. I didn't see any logs...
Also, I have checked this document:
http://answers.splunk.com/answers/110897/splunk-for-f5-access
How do I edit the file (in the web)? Where can I do it (in the web/command line)?
Please help me.
Thanks
When I query the log in Splunk (comparing the log with F5):
source="udp:514" Operation not supported. Multiple*
I see the logs in Splunk.
How do I configure/get data to the Splunk for F5 Access app?
Yes, I am getting several logs... We have enabled logs from our firewall and F5, so I wanted to separate them. If I run sourcetype=syslog or source="udp:514" I get both devices' logs... How can I separate the logs?
Please run the search:
sourcetype=syslog
I want to know if you are getting any syslog data in Splunk.
Yes, I added UDP 514 to receive data.
Did you add the UDP data input on port 514 and set the sourcetype to syslog in the Manager UI of the Splunk indexer?
So you have F5 devices sending syslog to the Splunk server on port 514? Can you verify that the syslog is getting to the actual server using windump or something similar?