fat_138651
Oct 13, 2016 · Nimbostratus
Splunk for LTM
Hi,
I am just trying to prepare my Viprion Guest (12.1.1) for a Splunk connection (LTM only).
I am following these instructions:
Since the instructions are not very detailed, I have a few questions:
"Follow the F5 documentation on how to configure remote logging, using the IP address of your Splunk server and 9514 as the port for UDP and 9515 as the port for TCP."
Do I have to set up a Standard HSL, just with the Splunk format? Where do I differ between TCP and UDP?
"Copy the iRule data provided in the iRule_http example in the table below into the definition section for the new iRule. Configure a virtual server to reference the iRule. This is the local virtual server in the BIG-IP system from which you want to send traffic events to the Splunk platform."
What kind of virtual server do I have to configure? Or do I have to connect the iRule to any virtual server I am using on this guest?
Any further information or papers regarding Splunk on the BIG-IP would be appreciated.
Cheers,
Thorsten
- adityoari_14383 (Historic F5 Account)
If you only want to send default BIG-IP event logs to Splunk, a Splunk-formatted Log Destination will format the logs for you.
The iRule on the linked page is a sample for when you want to send logs to Splunk for custom events, and that iRule does the formatting inline, so you can use an unformatted Log Destination.
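
The two setups described in the answer above, written as tmsh commands. This is an added example, not part of the original thread or of F5's documentation. All object names and the address 192.0.2.10 are placeholders; port 9515 for TCP (9514 for UDP) is taken from the instructions quoted in the question.

```tmsh
# Constructed example: object names and 192.0.2.10 are placeholders.
# Pool holding the Splunk receiver; 9515 is the TCP port quoted in the question.
create ltm pool pool_splunk members add { 192.0.2.10:9515 } monitor tcp

# Unformatted high-speed-logging destination. The transport is chosen here:
# use "protocol udp" with a pool member on port 9514 for UDP instead.
create sys log-config destination remote-high-speed-log dest_splunk_hsl pool-name pool_splunk protocol tcp

# Case 1: default BIG-IP event logs. The Splunk-formatted destination
# wraps the HSL destination and does the formatting.
create sys log-config destination splunk dest_splunk_fmt forward-to dest_splunk_hsl
create sys log-config publisher pub_splunk_fmt destinations add { dest_splunk_fmt }
create sys log-config filter filter_splunk source all level info publisher pub_splunk_fmt

# Case 2: custom events from an iRule that formats inline. The publisher
# points at the unformatted HSL destination directly, so nothing is formatted twice.
create sys log-config publisher pub_splunk_raw destinations add { dest_splunk_hsl }
```

In the second case the iRule would open the logging handle against `pub_splunk_raw` (or the pool) and is attached only to the virtual servers whose traffic events should be logged.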