Trying to implement the iRule supplied by F5, we can get the iRule to log to Splunk.
We are having an issue with the req_elapsed_time field, as it is always returning 0.
Anyone else using that value and getting something other than 0 for a value?
We are trying to use the iRule to determine the response time for surfing via a particular pool and this value appears to be the one we need.
I have looked into the iRule code a bit further. I reproduced this issue in my lab environment.
I made some immediate changes to the supplied iRule to correct this.
I will continue to evaluate this and provide fixes to Splunk for posting in the near future.
In the meantime, here is the latest iRule. For now I copied the calculation for the req_elapsed_time to be within the context of HTTP_RESPONSE.
when CLIENT_ACCEPTED {
    set client [IP::client_addr]
}
when HTTP_REQUEST {
    set vhost [HTTP::host]:[TCP::local_port]
    set url [HTTP::uri]
    set method [HTTP::method]
    set http_version [HTTP::version]
    set user_agent [HTTP::header "User-Agent"]
    # Request start in milliseconds; basis for req_elapsed_time
    set tcp_start_time [clock clicks -milliseconds]
    set req_start_time [clock format [clock seconds] -format "%Y/%m/%d %H:%M:%S"]
    set req_elapsed_time 0
    set virtual_server [LB::server]
    if { [HTTP::header Content-Length] > 0 } then {
        set req_length [HTTP::header "Content-Length"]
        # Cap the amount of request body collected at 4000000 bytes
        if {$req_length > 4000000} then {
            set req_length 4000000
        }
        HTTP::collect $req_length
    } else {
        set req_length 0
    }
    if { [HTTP::header "Referer"] ne "" } then {
        set referer [HTTP::header "Referer"]
    } else {
        set referer -
    }
}
when HTTP_REQUEST_DATA {
    # Only fires after HTTP::collect, i.e. for requests that carry a body
    set req_elapsed_time [expr {[clock clicks -milliseconds] - $tcp_start_time}]
    HTTP::release
}
when HTTP_RESPONSE {
    set hsl [HSL::open -proto TCP -pool splunk-2]
    set resp_start_time [clock format [clock seconds] -format "%Y/%m/%d %H:%M:%S"]
    set node [IP::server_addr]:[TCP::server_port]
    set status [HTTP::status]
    # Calculation copied here so the value is set for every response
    set req_elapsed_time [expr {[clock clicks -milliseconds] - $tcp_start_time}]
    if { [HTTP::header Content-Length] > 0 } then {
        set response_length [HTTP::header "Content-Length"]
    } else {
        set response_length 0
    }
    HSL::send $hsl "<190>|$vhost|device_product=Splunk Web Access iRule|$client|$method|\"$url\"|HTTP/$http_version|$user_agent|\"$referer\"|$req_start_time|$req_length|$req_elapsed_time|$node|$status|$resp_start_time|$response_length|$virtual_server\r\n"
}
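Added example, not part of the original posts or of the F5/Splunk iRule: a Python parser for the pipe-delimited line built by the HSL::send call above. It summarises req_elapsed_time per node and rejects lines whose field count is off, since url, user_agent and referer are client-supplied and written unescaped. The function names and sample lines are constructed for illustration.

```python
from collections import defaultdict

# Field order taken from the HSL::send line in the iRule above.
FIELDS = ("pri", "vhost", "device_product", "client", "method", "url",
          "http_version", "user_agent", "referer", "req_start_time",
          "req_length", "req_elapsed_time", "node", "status",
          "resp_start_time", "response_length", "virtual_server")
NUMERIC = ("req_length", "req_elapsed_time", "status", "response_length")

def parse_line(line):
    """Return a dict for one log line, or None if it does not fit the format."""
    parts = line.rstrip("\r\n").split("|")
    # A '|' inside a client-supplied field shifts every later field: reject.
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    try:
        for name in NUMERIC:
            rec[name] = int(rec[name])
    except ValueError:
        return None
    rec["url"] = rec["url"].strip('"')
    rec["referer"] = rec["referer"].strip('"')
    return rec

def elapsed_by_node(lines):
    """Summarise req_elapsed_time (ms) per pool member; count rejected lines."""
    stats = defaultdict(lambda: {"count": 0, "zero": 0, "total_ms": 0})
    rejected = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            rejected += 1
            continue
        s = stats[rec["node"]]
        s["count"] += 1
        s["zero"] += int(rec["req_elapsed_time"] == 0)
        s["total_ms"] += rec["req_elapsed_time"]
    return dict(stats), rejected

# Constructed sample lines (not real traffic); the last has a '|' in User-Agent.
_T = ('<190>|www.example.com:80|device_product=Splunk Web Access iRule|'
      '192.0.2.10|GET|"/index.html"|HTTP/1.1|{ua}|"-"|2012/03/01 10:15:00|0|'
      '{ms}|{node}|200|2012/03/01 10:15:00|5120|web_pool\r\n')
SAMPLE = [_T.format(ua="Mozilla/5.0", ms=0, node="10.0.0.11:8080"),
          _T.format(ua="Mozilla/5.0", ms=42, node="10.0.0.11:8080"),
          _T.format(ua="curl/7.21", ms=130, node="10.0.0.12:8080"),
          _T.format(ua="Mozilla/5.0 (a|b)", ms=7, node="10.0.0.12:8080")]

if __name__ == "__main__":
    print(elapsed_by_node(SAMPLE))
```

A node whose "zero" count equals its "count" is reporting req_elapsed_time as 0 on every request, which is the symptom described in the question.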
Which version of F5 BIG-IP do you use?
Because in 11.x the Request Logging parameter to get those values is RESPONSE_MSECS
(the elapsed time in milliseconds (ms) between receiving the request and sending the response).
There is a good article on DevCentral:
https://devcentral.f5.com/Tutorials/TechTips/tabid/63/articleType/ArticleView/articleId/1084350/BIG-...
We're running 10.2.1 right now.
I have forwarded the link to the group that has access to see if they can get a response through that.
If there are any other hints for the iRule code, that would be appreciated.
Thanks for the response.