Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Thomas_Gobet's avatar
Thomas_Gobet
Icon for Nimbostratus rankNimbostratus
Apr 11, 2014

Pool status in Splunk for F5 Networks

Hi all, I made some tests on Splunk with the 11.5.0 TMOS version. My tests were on AFM, LTM and also syslog events. LTM (with the iRule included) and AFM work fine, but for syslog events ther...
application delivery
deployment
LTM
splunk
syslog
TMOS
DenisG_22372's avatar
DenisG_22372
Historic F5 Account
Sep 19, 2014

I tried the following to see if it would grab it, but no luck yet...

 

In Splunk my syslog message was <133>1 2014-09-19T15:29:05-06:00 localhost.localdomain mcpd 6649 01070727:5: [F5@12276 hostname="localhost.localdomain" errdefs_msgno="01070727:5:"] Pool /Common/dvwa_pool member /Common/192.168.0.217:80 monitor status up. [ /Common/dvwa_monitor: up ] [ was down for 0hr:0min:10sec ]

 

My RegEX = REGEX = /\serrdefs_msgno="(........:.)\S+\sPool\s(\S+)\smember\s(\S+)\smonitor\sstatus\s(\S+).\s?[?\s?(?:\S+)?:?\s?(?:\S+)?\s?]?\s+?[\swas\s(\S+)\sfor\s(\S+)/

 

In RegEx teter it loks good, but no joy here. I will keep trying....