Forum Discussion
Telemetry streaming to Elasticsearch
Hi Hans. There is a bunch going on with a solution like this. All of the declaration pieces are required. At a high level, the AS3 declaration defines the necessary objects to forward ASM logs to the local TS process, which collects data and sends it to Elastic/Splunk. The ASM logging profile can be configured to send logs to an HSL destination so they are not written to the local file system (which can impact performance). The HSL destination points to the "telemetry_local" TCP virtual server, which uses the iRule to point to the TS listener service. I may be a little out of order on this explanation, but it should be close enough.
- Do not remove anything. All pieces are required to get the traffic to Splunk as a single payload.
- I'm pretty sure the AS3 virtualAddress of 255.255.255.254 is an internal address listening on anything. This should minimize IP conflicts with any other possible user configurations on the system. It may be related specifically to TS since the listener doesn't define it, just the port 6514. The TS declaration destination of 172.16.60.23 is the Splunk system to send all the data after TS has collected it all.
- You can have ASM logs sent directly to Splunk using the HSL configuration. Many customers do that for dedicated security dashboards. However, this whole solution is bundled as a package, to have all the data come in through TS, probably so the preconfigured Splunk dashboards know how to find and parse all the data. Remember that TS will also include a ton of other system and application stats, not just the ASM logs.