Splunk Add-on for F5 BIG-IP (built and officially supported by Splunk)
Pulls data from F5, you have option to filter and specify what data you are interested in.
You can only ingest the data into Splunk using this App, Visualizations you have to create your own..
Require credentials with apropriate role to query F5 for the data, and password management is bit challenge when more F5s and no integrated authentication.
F5 Networks - Analytics (built and officially supported by F5)
Require no authentication, depends on F5 iApp to push the data to Splunk indexers
Comes with pre-built Data Models & Dashboards
Visualization are very slow and doesn't appear to me scaleable to larger audience
What I ended up doing is using F5 Networks - Analytics (built and officially supported by F5) App for data models (F5 iApp push data to Splunk indexers) and build my own visualization.
... View more
We configured all events to go one index "f5-default"
I tried using F5 Splunk app as it is and not convinced the way it work/present. I find the app is very resource intensive and not scale-able when we have large user base.
We are using data models came with F5 App, however changed the App visibility to "No".
We are using 5 minute aggregation data from F5 to Splunk and it defeat the idea of showing near real time. So I am using F5 interval data in combination with SNMP Traps F5 sending when there is change in status of a Pool/Pool Member.
I created few saved searches which run every 1 minute, 10 minute and daily based on requirement and creating outputlookup(s). Using these outputlookup files, created several dashboards to show health of Pool/PoolMember/VIP and also correlating with several other events that we already have in Splunk.
Events from Real User Monitoring Tool (Agentless).
PoolMember resource alarms (Ex: CPU, Memory, Disk, Network)
RHEV/CloudForms/Puppet events for the PoolMember (Ex: VM Migration, Hypervisor/Host memory presssure etc.,)
PoolMember Syslog Events for known exceptions
PoolMember Application Log Exceptions/events
If the server is in maintenance mode for some scheduled activity
JVM, Database events
... View more