Forum Discussion

Nimbostratus

Apr 11, 2014

Pool status in Splunk for F5 Networks

Hi all, I made some tests on Splunk with the 11.5.0 TMOS version. My tests were on AFM, LTM and also syslog events. LTM (with the iRule included) and AFM work fine, but for syslog events ther...

Nimbostratus

Apr 01, 2015

For TMOS 11.5.1, I created a local/transforms.conf file with an updated REGEX that works:

[f5-syslog-eventcode]
REGEX = \]:\s(........:.):\sPool\s(\S+)\smember\s(\S+)\smonitor\sstatus\s\S+\.\s\[\s(\S+)\:\s(\S+)\s\]\s\s\[\swas\s(\S+)\sfor\s(\S+)
FORMAT = event_code::$1 ltm_pool::$2 ltm_member::$3 ltm_monitor::$4 ltm_monitor_status::$5 ltm_prevstatus::$6 ltm_prevstatus_time::$7

I added the ltm_monitor field although it isn't used by the app. The ltm_monitor_status is also extracted after the ltm_monitor field rather than after the "status" keyword.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Pool status in Splunk for F5 Networks

Security Best Practices for F5 Products

F5 AppWorld 2026 Registration - early bird pricing.

Kostas Injeyan - October 2025 Featured Member

Recent Discussions

Webtop which has VNC for macos users

AST Configuration Assistance

Floating IP responds from wrong VLAN/trunk

expandsSubcollections and filtering in F5 SDK

F5 i-series Guests to r-series tenants migration

Related Content

Setting up F5 Telemetry Streaming with Splunk Cloud

What is Multi-Cloud Networking?

F5 Distributed Cloud for Global Layer 3 Virtual Network Implementation

Demo Guide & Video Series for F5 Distributed Cloud Network Connect (Multi-Cloud Networking)

F5 Networks Partner Spotlight - Splunk

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS