F5 Analytics iApp
Problem this snippet solves:
Analytics iApp v3.7.0
You can use this fully supported version of the analytics iApp template to marshal statistical and logging data from the BIG-IP system. The iApp takes this data and formats it as a JSON object which is then exported for consumption by data consumers, such as F5 BIG-IQ or applications such as Splunk.
The Analytics iApp allows you to configure several categories of data to be exported. For data consumers like Splunk, the iApp lets you configure the network endpoint to which the data is sent.
Version 3.7.0 of the iApp template is fully supported by F5 and available on downloads.f5.com. We recommend all users upgrade to this version. For more information, see https://support.f5.com/csp/article/K07859431.
While this version of the iApp is nearly identical to v3.6.13, which was available on this page, the major difference (other than being fully supported) is that the ability to gather APM statistics using the iApp has been removed for BIG-IP versions prior to 12.0.
Supported/Tested BIG-IP versions: 11.4.0 - 12.1.2.
Data Sources: LTM, GTM, AFM, ASM, APM, SWG, and iHealth (APM statistics require 12.0 or later)
Data Output Formats: Splunk, F5 Analytics, F5 Risk Engine
Splunk App: https://apps.splunk.com/apps/id/f5
The new deployment guide can be found on F5.com: http://f5.com/pdf/deployment-guides/f5-analytics-dg.pdf
Code:
https://downloads.f5.com/esd/ecc.sv?sw=BIG-IP&pro=iApp_Templates&ver=iApps&container=iApp-Templates
- M_QuevedoNimbostratus
DRJ-- Please open a case with F5 Support to report your issue. Qkview files from before and after the scriptd crash will help us diagnose and correct the problem.
- MrwillbaclimonAltocumulus
Does anyone have a link or can suggest a recommended regex for Application Mapping? Essentially I would like to group VIPs together as a common application name.
For example:
1. VIP App1
2. VIP App1
VIP 1 and 2 are named Master App
3. VIP App2
4. VIP App2
VIP 3 and 4 are named Minor App
- Walter_KacynskiCirrostratus
How does this app complement the Splunk built version at http://docs.splunk.com/Documentation/AddOns/released/F5BIGIP/About? What data overlaps, and if so, can I remove this duplication?
- csiggy_246069Nimbostratus
Hello,
I followed the steps in both the guide and offered video--great btw; but Splunk will not show any data on the Application tab, nothing at all from LTM. AFM (Network Firewall) sections produce data and so do the Administration -> Device Health etc. User Access tab provides nothing as well.
Please advise, if possible.
Thank you.
- ST_WongCirrus
Hello,
We followed the steps in the guide and deployed v3.7.0 with Splunk 6.5.3. No events are sent to Splunk. It seems the SSL handshake can't complete due to an unknown CA error. See the following in Splunk, a complaint from the LTM with v3.7.0 deployed:
error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca
As we're using the default server certs on Splunk, can we add the cert to the trusted CA list on the LTM, and how? Thanks a lot.
Regards
- ramig_184705Nimbostratus
I'm using the latest version (3.7.0) with APM running on 12.0+. The main issue is the session dump files filling the /shared partition with f5-analytics-sessdata-*.
Any suggestions there?
- M_QuevedoNimbostratus
Hi ramig, F5 is tracking this issue as ID664360. Look for a fix in the next release of the iApp template.
- Walter_KacynskiCirrostratus
Since bugids aren't public... Is ID664360 mitigated or fixed by 12.1.2?
- M_QuevedoNimbostratus
Hi Walter, bug IDs do appear in TMOS release notes. However, that's not what you asked exactly-- this particular issue will be fixed in the next release of the Analytics iApp template. That is not tied to a specific version of TMOS, so it doesn't have anything directly to do with TMOS v12.1.2.
- Walter_KacynskiCirrostratus
Can someone help me understand the relationship with this iApp and BIG-IQ DCD under version 5.2?