Re: F5 LTM: default send string

davecroto · ‎12-08-2011

A Splunk customer of mine has set up the Irule to communicate with Splunk and take advantage of the Splunk for f5 Networks. The only thing that is sent udp:514 to splunk is what appears to be just a test message: "default send string".

Very novice at BigIP LTM, but know splunk pretty well....any suggestions on what needs to be configured on the LoadBalancer to get more robust logging?

BTW: It is not a sourcetype issue. This is the only syslog message we get from the loadbalancer at the moment.

ppang · ‎12-08-2011

This is the step by step guide about setting up the syslog forwarding on the BigIP LTM

http://support.f5.com/kb/en-us/solutions/public/8000/200/sol8260.html

davecroto · ‎12-08-2011

BTW: It is not a sourcetype issue. This is the only syslog message we get from the loadbalancer at the moment.

Brian_Osburn · ‎12-08-2011

Can you post a sanitized irule he's using?

F5 LTM: default send string

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Join the Conversation