Timestamp for F5 logs

Question

Hi,&nbsp;
I have F5 in all continents and have centralized splunk logging in Europe. I want to sent all logs to sent to remote splunk log with the timestamp of the Europe not the timestamp of the F5 physical location. And also is it possible while i keep the logs locally in local database in F5 with local timestamp.&nbsp;
Thanks.&nbsp;

samir_jha_52506 · Answer

I guess, you will have to set local timestamp (based on location) in F5 to store respective location log local F5 db and send same log to splunk.But on spluñk shows two index timestamp one is for lb n other spluñk timestamp.

kps_149915 · Answer

Thanks, i am concern about the timestamp for remote splunk as i need the requirement is to log in remote splunk server with splunk server timezone. Is there anything i have to configure in F5 to change the index or do it has to be done at splunk level.

samir_jha_52506 · Answer

Its interesting. Till now not tried to change index timestamp at spluñk leval. Will dig more n update you.&nbsp;

patrik_jonsson · Answer

Hi!&nbsp;
In this case I would rely on some Splunk magic when indexing rather than syslog-ng hacks.&nbsp;
/Patrik&nbsp;

Forum Discussion

Timestamp for F5 logs

Recent Discussions

F5APM SSO SAML OAUTH

unable to question about getting hsl data to be formatted properly in splunk

question about getting hsl data to be formatted properly in splunk

Problem with lets encrypt and redirect after update

automatic learning logs/report ?

Related Content

F5 BIG-IP Logging API timestamp to UTC

Certificate Bundle Timestamp Query

Impact of disabling TCP Timestamp in TCP and fasl4 profile

Logging DNS Requests

ASM logs

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS