how to add HTTP HOST to telemetry (Generic HTTP)?
Hi,
We got Telemtry working. We used the Generic HTTP method. For LTM, a lot of info is sent, but the 'HTTP HOST' is missing. We used this configuration
create ltm profile request-log telemetry_traffic_log_profile request-log-pool telemetry request-log-protocol mds-tcp request-log-template event_source=\"request_logging\",hostname=\"$BIGIP_HOSTNAME\",client_ip=\"$CLIENT_IP\",server_ip=\"$SERVER_IP\",http_method=\"$HTTP_METHOD\",http_uri=\"$HTTP_URI\",virtual_name=\"$VIRTUAL_NAME\",event_timestamp=\"$DATE_HTTP\" request-logging enabled response-log-pool telemetry response-log-protocol mds-tcp response-log-template event_source=\"response_logging\",hostname=\"$BIGIP_HOSTNAME\",client_ip=\"$CLIENT_IP\",server_ip=\"$SERVER_IP\",http_method=\"$HTTP_METHOD\",http_uri=\"$HTTP_URI\",virtual_name=\"$VIRTUAL_NAME\",event_timestamp=\"$DATE_HTTP\",http_statcode=\"$HTTP_STATCODE\",http_status=\"$HTTP_STATUS\",response_ms=\"$RESPONSE_MSECS\" response-logging enabled - from https://clouddocs.f5.com/products/extensions/f5-telemetry-streaming/1.20/event-listener.html#requestlog
It would be really usefull to add the HTTP HOST to the logging. I have searched but can't seem to find it. Is it possible? Maybe a JMESpath expression?
Thanks
It has been resolved via the github issue.
Solution:
For anyone who would need this:
you have to add: http_host=${Host} to the request logging profile.
Request log template becomes (similar for response logging): event_source="request_logging",hostname="$BIGIP_HOSTNAME",client_ip="$CLIENT_IP",server_ip="$SERVER_IP",http_method="$HTTP_METHOD",http_uri="$HTTP_URI",virtual_name="$VIRTUAL_NAME",event_timestamp="$DATE_HTTP",http_host="${host}"For us specifically, it was for the F5-Elastic integration, info docs below:
https://docs.elastic.co/integrations/f5_bigip
https://github.com/elastic/integrations/blob/main/packages/f5_bigip/data_stream/log/elasticsearch/ingest_pipeline/pipeline_bigipltm.yml