F5 timestamp inquiry

Question

Hello, we have a logfile being monitored by F5 that includes a syslog-formatted timestamp. When F5 reads the log and sends it to a secondary system, ex: Splunk, it appends another timestamp. Look at the example below with double the timestamps and server.&nbsp;
Feb 21 13:41:26 f5_monitor_server Feb 21 13:41:25 f5_dmz_server debug mcpd[6282]: save_master_key(7) called&nbsp;
What can we do to not wrap this additional timestamp and host ? I understand we can filter it out in Splunk but I don't want to waste the extra cycles as syslog is quite chatty. &nbsp;
Thanks&nbsp;

samir_jha_52506 · Answer

Reviewed both the lines, Difference between logs timestamps are 1Sec. So i recommend to add one more timestamps column in splunk server. &nbsp;

ifeldshteyn_384 · Answer

Hi, &nbsp;
" I understand we can filter it out in Splunk but I don't want to waste the extra cycles as syslog is quite chatty." &nbsp;
I am trying to get rid of the timestamp on the F5 end, not on the Splunk end. &nbsp;
Thanks. &nbsp;

Forum Discussion

F5 timestamp inquiry

2 Replies

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Failing over Virtual F5 VE to DR location using Zerto

Failing over of a Virtual F5 configuration to another location using Zerto restore process

F5 Networks F5CAB1 Exam - Need Help Regarding Prep

Username is not filled in EdgeClient in the Modern customization

The GSLB pool is providing an incorrect IP to end users

Related Content

F5 BIG-IP Logging API timestamp to UTC

F5 HTTPS Redirect 2025

F5 Threat Report - November 26th, 2025

Certificate Bundle Timestamp Query

F5 Threat Report - November 19th, 2025

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS