Forum Discussion

Nimbostratus

Dec 24, 2014

Splunk Log Publisher with iRule HSL

Hi, I'm having some difficulty understanding the relationship between the HSL iRule commands and formatted log publishers (Splunk, in this case) in 11.5.1. Sorry if the formatting isn't what the c...

Employee

Oct 17, 2019

https://clouddocs.f5.com/api/irules/HSL__open.html

HSL::open -publisher <publisher>¶

Opens and returns a handle for High Speed Logging communication for a log publisher configured in System->Logs->Configuration->Log Publishers. The handle should be used with the HSL::send command to send data to the publisher. introduced in v11.3

When deciding on a publisher for your log messages, bear in mind that HSL::send will not work if the publisher is configured with some formatted destinations like arcsight or splunk. If the log server expects CEF or Splunk formatted messages, the iRule should craft the data the way the server expects it to be formatted and send to a publisher configured with an unformatted destination, such as remote-high-speed-log.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Splunk Log Publisher with iRule HSL

Recent Discussions

APM with EntraID as idP / request signed

Should config via cli rather than gui?

Background Tasks

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

Analytics iApp and Splunk - Application Mapping

error in publishing sharepoint 2013 iapp with asm

How to customize the virtual servers data send to splunk

F5 Splunk logging issue

ASM Logging to Splunk Anomoly

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS