Forum Discussion

Nimbostratus

Apr 11, 2014

Pool status in Splunk for F5 Networks

Hi all, I made some tests on Splunk with the 11.5.0 TMOS version. My tests were on AFM, LTM and also syslog events. LTM (with the iRule included) and AFM work fine, but for syslog events ther...

Nimbostratus

Apr 01, 2015

For TMOS 11.5.1, I created a local/transforms.conf file with an updated REGEX that works:

[f5-syslog-eventcode]
REGEX = \]:\s(........:.):\sPool\s(\S+)\smember\s(\S+)\smonitor\sstatus\s\S+\.\s\[\s(\S+)\:\s(\S+)\s\]\s\s\[\swas\s(\S+)\sfor\s(\S+)
FORMAT = event_code::$1 ltm_pool::$2 ltm_member::$3 ltm_monitor::$4 ltm_monitor_status::$5 ltm_prevstatus::$6 ltm_prevstatus_time::$7

I added the ltm_monitor field although it isn't used by the app. The ltm_monitor_status is also extracted after the ltm_monitor field rather than after the "status" keyword.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Pool status in Splunk for F5 Networks

Recent Discussions

APM with EntraID as idP / request signed

Should config via cli rather than gui?

Background Tasks

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

Setting up F5 Telemetry Streaming with Splunk Cloud

What is Multi-Cloud Networking?

Demo Guide & Video Series for F5 Distributed Cloud Network Connect (Multi-Cloud Networking)

Check a Virtual Server's SSL Status

Get actual client ips in splunk

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS