Re: F5 LTM: default send string

davecroto · ‎12-08-2011

A Splunk customer of mine has set up the Irule to communicate with Splunk and take advantage of the Splunk for f5 Networks. The only thing that is sent udp:514 to splunk is what appears to be just a test message: "default send string".

Very novice at BigIP LTM, but know splunk pretty well....any suggestions on what needs to be configured on the LoadBalancer to get more robust logging?

BTW: It is not a sourcetype issue. This is the only syslog message we get from the loadbalancer at the moment.

ppang · ‎12-08-2011

This is the step by step guide about setting up the syslog forwarding on the BigIP LTM

http://support.f5.com/kb/en-us/solutions/public/8000/200/sol8260.html

davecroto · ‎12-08-2011

BTW: It is not a sourcetype issue. This is the only syslog message we get from the loadbalancer at the moment.

Brian_Osburn · ‎12-08-2011

Can you post a sanitized irule he's using?

F5 LTM: default send string

Upcoming Webinar: Unmasking Insider Threats with Slunk Enterprise Security’s UEBA

.conf25 technical session recap of Observability for Gen AI: Monitoring LLM ...

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey

Join the Conversation

F5 LTM: default send string

Upcoming Webinar: Unmasking Insider Threats with Slunk Enterprise Security’s UEBA

.conf25 technical session recap of Observability for Gen AI: Monitoring LLM ...

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey