Re: F5 LTM: default send string

davecroto · ‎12-08-2011

A Splunk customer of mine has set up the Irule to communicate with Splunk and take advantage of the Splunk for f5 Networks. The only thing that is sent udp:514 to splunk is what appears to be just a test message: "default send string".

Very novice at BigIP LTM, but know splunk pretty well....any suggestions on what needs to be configured on the LoadBalancer to get more robust logging?

BTW: It is not a sourcetype issue. This is the only syslog message we get from the loadbalancer at the moment.

ppang · ‎12-08-2011

This is the step by step guide about setting up the syslog forwarding on the BigIP LTM

http://support.f5.com/kb/en-us/solutions/public/8000/200/sol8260.html

davecroto · ‎12-08-2011

BTW: It is not a sourcetype issue. This is the only syslog message we get from the loadbalancer at the moment.

Brian_Osburn · ‎12-08-2011

Can you post a sanitized irule he's using?

F5 LTM: default send string

Observe and Secure All Apps with Splunk

What's New in Splunk Observability - August 2025

Introduction to Splunk AI

Are you a member of the Splunk Community?

F5 LTM: default send string

Observe and Secure All Apps with Splunk

What's New in Splunk Observability - August 2025

Introduction to Splunk AI