Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Would like to block a specific Source going to a Heavy Forwarder

evolutionxtinct
Explorer
‎01-15-2019 12:36 PM

Hello Community,

Resources:
- Splunk Enterprise On-Prem = v7.1.2
- F5-BIGIP = v13.1.0
- Using: F5 Analytics iApp v3.7.2RC5
- Kiwi SYSLOG (Heavy Forwarder that has a Uni. Forwarder assigned)

Issue:
I'm currently getting bombarded with over 65k events every few seconds that is related to performance data for Memory/CPU, this data comes into our Indexer and is labeled as source=bigip.tmstats.memory_usage_stat I would like to drop this source from being indexed as its taking up close to 80% of my daily license right now.

Please Note: I'm not a heavy Splunk Admin person, so please be gentle.... I break easily 🙂

Any help is greatly appreciated, thanks!

Reply

dkeck
Influencer
‎01-16-2019 02:27 AM

Hi,

sounds like thats an input of your F5 BIGIP app, just find the inputs,conf on your F5 app and disable the input with the source source=bigip.tmstats.memory_usage_stat

If you can´t find it just grep for it on your CLI in $SPLUNK_HOME/splunk/etc/apps grep -R bigip.tmstats.memory_usage_stat

OR use btool ( in $SPLUNK_HOME/splunk/bin) type ./splunk cmd btool inputs list --debug | grep bigip*

Also check your modular inputs for F5 https://docs.splunk.com/Documentation/AddOns/released/F5BIGIP/Configureinputs

0 Karma
Reply

dkeck
Influencer
‎01-16-2019 10:48 PM

If it was helpfull please accept the answer, thank you

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...