Forum Discussion
Stanislas_Piro2
Oct 23, 2017Cumulonimbus
Hi,
Which logs are you sending to Splunk?
if you want to log traffic log for troubleshooting, you can configure request logging profile
look at this link where I provided the configuration of request logging profile for grayling based on the previous irule posted by winston.
with this configuration, you can use the irule to include HTTP headers in request.
All HTTP headers available when logging profile is evaluated can be included in templates
- between HTTP_REQUEST_SEND and HTTP_REQUEST_RELEASE for request and response templates
- between HTTP_REQUEST_SEND and HTTP_REQUEST_RELEASE for response template
the benefit of this link is log format is JSON which is compatible with most of SIEM without requiring writing parser.