Forum Discussion
Jan 14, 2022
ELK Logs Vs F5 - Is there a complete solution anywhere? - If not, can we make one?
Hi All, This has been bothering me for some time now, I've used f5 for many years now, and its many different modules and log types have always bothered me when looking at external logging. Identify...
Feb 02, 2022
Hey Pete
I actually wrote a logstash parser for a customer of mine a few years ago.
Too bad I could not share it due to NDAs.
However, I can share one thing which sprang out of the exercise:
https://loadbalancing.se/2020/03/11/logstash-testing-tool/
It's not what you're looking for, but it might help when writing the pipeline. At least it helped me a lot when developing parsers.
Also wanted to input that part of the reason why this was a bit painful:
- In order to get synergy from parsing the logs the field names should match those of other sources. Makes it easier to correlate data. I have not found an opinionated database with recommended field names, but I feel that there is a need for such.
- F5 logs are pretty much free text after the log header. It was (somewhat) easy to catch the common things, but I found after a while that there were subtle differences between even the standard log messages (pool member down, etc.) and I pulled my hair multiple times when trying to figure it out.
Kind regards,
Patrik
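
An added example, not part of Patrik's post and not his parser: a small Python sketch of the two points in the reply, parsing the header separately from the free text and tolerating variants of one event while emitting shared field names. The line layout, message ids, the two "pool member" variants and all field names are assumptions made for this example.

```python
import re

# Syslog header, then an F5-style message id "<8 hex digits>:<severity>:" and free text.
# This layout is an assumption for the example, not taken from the thread.
HEADER = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) (?P<level>\w+) "
    r"(?P<proc>[\w-]+)\[(?P<pid>\d+)\]: (?P<code>[0-9a-fA-F]{8}):(?P<sev>\d): (?P<text>.*)$"
)

# Two variants of the same event: with and without partition-qualified names.
POOL_MEMBER = [
    re.compile(r"^Pool (?P<pool>/\S+) member /[^/\s]+/(?P<ip>[\d.]+):(?P<port>\d+) "
               r"monitor status (?P<state>up|down)\."),
    re.compile(r"^Pool member (?P<ip>[\d.]+):(?P<port>\d+) monitor status (?P<state>up|down)\."),
]

def parse(line):
    """Return a dict with shared field names; a line that fails to match is tagged, not dropped."""
    m = HEADER.match(line)
    if not m:
        return {"message": line, "tags": ["f5_header_unparsed"]}
    event = {
        "host.name": m["host"], "log.level": m["level"], "process.name": m["proc"],
        "process.pid": int(m["pid"]), "event.code": m["code"], "message": m["text"],
    }
    for pattern in POOL_MEMBER:
        pm = pattern.match(m["text"])
        if pm:
            event.update({"f5.pool.member.ip": pm["ip"], "f5.pool.member.port": int(pm["port"]),
                          "f5.pool.member.state": pm["state"]})
            if "pool" in pm.groupdict():
                event["f5.pool.name"] = pm["pool"]
            return event
    event["tags"] = ["f5_text_unparsed"]  # header fields kept, free text flagged for review
    return event

# Constructed sample lines (not captured from a real device).
SAMPLES = [
    "Jan 14 10:02:11 bigip1 notice mcpd[6543]: 01070638:5: Pool /Common/web_pool member /Common/10.1.20.11:80 monitor status down. [ /Common/http: down ]",
    "Jan 14 10:02:15 bigip1 notice mcpd[6543]: 01070727:5: Pool member 10.1.20.12:8080 monitor status up.",
    "Jan 14 10:03:00 bigip1 warning tmm[20101]: 01260013:4: SSL Handshake failed for TCP 192.0.2.7:51234 -> 10.1.20.5:443",
]
```

Counting events by the `f5_text_unparsed` tag shows which message variants still need a pattern.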