Forum Discussion

HGS-97-61's avatar
Icon for Nimbostratus rankNimbostratus
Nov 24, 2023

Telemetry streaming to Elasticsearch

Hi all

I am following a couple of threads since I want to send ASM logging to Elasticsearch  like this one from Greg 

What I understand is that I need to send an AS3 declaration and a TS declaration.

But there are a couple of things not entirely clear to me.

1. Can I remove the iRule, Service_TCP, Pool, Log_Destination, Log_Publisher and Traffic_Log_profile declarations from the AS3 declaration json? 
In the example the telemetry_asm_security_log_profile does not seem to depend on these?

2. In the AS declaration json an IP address is specified (perhaps just an example since it is a subnet mask) and also in the TS declaration where it is
How are the IP in the servers section of the AS3 declaration related to the one in the consumer part in the TS declaration?

3. In telemetry_asm_security_log_profile the field remoteStorage is set to splunk.
According to the reference guide: Reference Guide security-log-profile-application-object the allowed values are
“remote”, “splunk”, “arcsight”, “bigiq”. 
I would opt for just remote. Is that the correct choice?

Regards Hans