Timestamp for F5 logs

Question

Hi,&nbsp;
I have F5 in all continents and have centralized splunk logging in Europe. I want to sent all logs to sent to remote splunk log with the timestamp of the Europe not the timestamp of the F5 physical location. And also is it possible while i keep the logs locally in local database in F5 with local timestamp.&nbsp;
Thanks.&nbsp;

samir_jha_52506 · Answer

I guess, you will have to set local timestamp (based on location) in F5 to store respective location log local F5 db and send same log to splunk.But on spluñk shows two index timestamp one is for lb n other spluñk timestamp.

kps_149915 · Answer

Thanks, i am concern about the timestamp for remote splunk as i need the requirement is to log in remote splunk server with splunk server timezone. Is there anything i have to configure in F5 to change the index or do it has to be done at splunk level.

samir_jha_52506 · Answer

Its interesting. Till now not tried to change index timestamp at spluñk leval. Will dig more n update you.&nbsp;

patrik_jonsson · Answer

Hi!&nbsp;
In this case I would rely on some Splunk magic when indexing rather than syslog-ng hacks.&nbsp;
/Patrik&nbsp;

Forum Discussion

Timestamp for F5 logs

Recent Discussions

APM with EntraID as idP / request signed

Creating Policy using Terraform

Alert Mail when virtual server down trubleshooting

How to disable RC4 Cipher on SSL

Big-IQ + LetsEncrypt wildcard

Related Content

F5 BIG-IP Logging API timestamp to UTC

Certificate Bundle Timestamp Query

Impact of disabling TCP Timestamp in TCP and fasl4 profile

Logging DNS Requests

ASM logs

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS