A Splunk customer of mine has set up the iRule to communicate with Splunk and take advantage of the Splunk for F5 Networks. The only thing that is sent over udp:514 to Splunk is what appears to be just a test message: "default send string".
Very novice at BIG-IP LTM, but I know Splunk pretty well... Any suggestions on what needs to be configured on the load balancer to get more robust logging?
BTW: It is not a sourcetype issue. This is the only syslog message we get from the load balancer at the moment.
This is the step-by-step guide to setting up syslog forwarding on the BIG-IP LTM:
http://support.f5.com/kb/en-us/solutions/public/8000/200/sol8260.html
Can you post a sanitized version of the iRule he's using?