F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Samadi's avatar
Samadi
Icon for Altocumulus rankAltocumulus
Jun 22, 2022

sFlow/Netflow

Hello, I need to configure my BIGIP to send sFlow to ELK, so I need the version of sFlow or Netflow used by F5 BIGIP (version 14.1.4) can any one help with this please ? Regards,
security
PSFletchTheTek's avatar
PSFletchTheTek
Icon for Cumulonimbus rankCumulonimbus
Jun 22, 2022

Hi,

sFlow on ELK isn't very well support, netflow which is very slightly different is much better.
It has filebeats and logstash plugins ready to go.

Also the default sFlow config doesn't help much.

I would recommend using netflow and using a method like this
https://docs.illumio.com/asp/20.2/Content/Guides/flowlink-configure-usage/collect-flow-records-f5.htm

Sorry i can't for the life of me get google to find the f5 pages that show the same, but in short its basically a log publisher and log destination setup like syslog. Then all you do is have a simple irule on the virtual server that you want logging.

This setup supports netflowv9 and ipfix (v10) so you should be good to go!
Hope this helps.