F5 timestamp inquiry

Question

Hello, we have a logfile being monitored by F5 that includes a syslog-formatted timestamp. When F5 reads the log and sends it to a secondary system, ex: Splunk, it appends another timestamp. Look at the example below with double the timestamps and server.&nbsp;
Feb 21 13:41:26 f5_monitor_server Feb 21 13:41:25 f5_dmz_server debug mcpd[6282]: save_master_key(7) called&nbsp;
What can we do to not wrap this additional timestamp and host ? I understand we can filter it out in Splunk but I don't want to waste the extra cycles as syslog is quite chatty. &nbsp;
Thanks&nbsp;

samir_jha_52506 · Answer

Reviewed both the lines, Difference between logs timestamps are 1Sec. So i recommend to add one more timestamps column in splunk server. &nbsp;

ifeldshteyn_384 · Answer

Hi, &nbsp;
" I understand we can filter it out in Splunk but I don't want to waste the extra cycles as syslog is quite chatty." &nbsp;
I am trying to get rid of the timestamp on the F5 end, not on the Splunk end. &nbsp;
Thanks. &nbsp;

Forum Discussion

F5 timestamp inquiry

Recent Discussions

F5APM SSO SAML OAUTH

unable to question about getting hsl data to be formatted properly in splunk

question about getting hsl data to be formatted properly in splunk

Problem with lets encrypt and redirect after update

automatic learning logs/report ?

Related Content

Timestamp for F5 logs

F5 Backup

Syslog Inquiry

F5 and anti-spam

F5 WAF query

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS