Forum Discussion
Cypher
Cirrus
Cirrushow to add HTTP HOST to telemetry (Generic HTTP)?
Hi,
We got Telemtry working. We used the Generic HTTP method. For LTM, a lot of info is sent, but the 'HTTP HOST' is missing. We used this configuration
create ltm profile request-log telemetry_traffic_log_profile request-log-pool telemetry request-log-protocol mds-tcp request-log-template event_source=\"request_logging\",hostname=\"$BIGIP_HOSTNAME\",client_ip=\"$CLIENT_IP\",server_ip=\"$SERVER_IP\",http_method=\"$HTTP_METHOD\",http_uri=\"$HTTP_URI\",virtual_name=\"$VIRTUAL_NAME\",event_timestamp=\"$DATE_HTTP\" request-logging enabled response-log-pool telemetry response-log-protocol mds-tcp response-log-template event_source=\"response_logging\",hostname=\"$BIGIP_HOSTNAME\",client_ip=\"$CLIENT_IP\",server_ip=\"$SERVER_IP\",http_method=\"$HTTP_METHOD\",http_uri=\"$HTTP_URI\",virtual_name=\"$VIRTUAL_NAME\",event_timestamp=\"$DATE_HTTP\",http_statcode=\"$HTTP_STATCODE\",http_status=\"$HTTP_STATUS\",response_ms=\"$RESPONSE_MSECS\" response-logging enabled - from https://clouddocs.f5.com/products/extensions/f5-telemetry-streaming/1.20/event-listener.html#requestlog
It would be really usefull to add the HTTP HOST to the logging. I have searched but can't seem to find it. Is it possible? Maybe a JMESpath expression?
Thanks
It has been resolved via the github issue.
Solution:
For anyone who would need this:
you have to add: http_host=${Host} to the request logging profile.
Request log template becomes (similar for response logging): event_source="request_logging",hostname="$BIGIP_HOSTNAME",client_ip="$CLIENT_IP",server_ip="$SERVER_IP",http_method="$HTTP_METHOD",http_uri="$HTTP_URI",virtual_name="$VIRTUAL_NAME",event_timestamp="$DATE_HTTP",http_host="${host}"For us specifically, it was for the F5-Elastic integration, info docs below:
https://docs.elastic.co/integrations/f5_bigip
https://github.com/elastic/integrations/blob/main/packages/f5_bigip/data_stream/log/elasticsearch/ingest_pipeline/pipeline_bigipltm.yml
CypherHi, I allready tried $HTTP_HOST but that didn't work. Documentation doen't mention anything about HTTP HOST and there is no "definitive list off variables", so i might need to contact F5 Support. the info about JMESPath was informative, thanks.
If anyone encountered the same problem and knows the answer, feel free to share! 🙂
- LiefZimmerman
Admin
Cypher - the initial reply you had was a repeat spammer. I'll see if there is anyone that can check your question since your post was taken off the "no-replies" list by the spammer.
- Cypher
Hi, it would be great if someone could check in on this.
- Cypher
LiefZimmermancan you check if someone can look into this? It has been 7 months..
I also opened a Gihub issue: https://github.com/F5Networks/f5-telemetry-streaming/issues/274
- Cypher
It has been resolved via the github issue.
Solution:
For anyone who would need this:
you have to add: http_host=${Host} to the request logging profile.
Request log template becomes (similar for response logging): event_source="request_logging",hostname="$BIGIP_HOSTNAME",client_ip="$CLIENT_IP",server_ip="$SERVER_IP",http_method="$HTTP_METHOD",http_uri="$HTTP_URI",virtual_name="$VIRTUAL_NAME",event_timestamp="$DATE_HTTP",http_host="${host}"For us specifically, it was for the F5-Elastic integration, info docs below:
https://docs.elastic.co/integrations/f5_bigip
https://github.com/elastic/integrations/blob/main/packages/f5_bigip/data_stream/log/elasticsearch/ingest_pipeline/pipeline_bigipltm.yml- LiefZimmerman
Fantastic! I was really wondering where else I might take this escalation. Thanks for bringing this back to the thread Cypher - really valuable.
