How I did it - "Visualizing Data with F5 TS and Splunk"
Hi Greg,
Another few notes from following your article:
1) I was forced to add a version attribute to the "form" element in the XML for both dashboards. I think this would be due to an update in the Splunk Cloud platform I used. An easy addition for anyone that knows XML, but perhaps you could test this out again and if the platform has been updated, you could update your XML?
2) The first time I followed your instructions, I had not created an index called f5_index. That is not part of your instructions but is required by your XML, so I had blank dashboards. Again for the sake of a dummy like me who follows instructions to the letter, perhaps you could include instructions?
3) Finding the CIM add-on was hard for me (your screenshot helped a lot!). Perhaps more have been added since you wrote this article and perhaps there's an easier way to make sure folks select the correct one.
4) When updating your JSON file for TS configuration, I used the public IP address that I got by pinging the DNS name of my Splunk Cloud instance. I have no idea if that's the right way to do it (probably not, I would expect TLS validation to fail), so if you have advice for the right way to do it, it may help real customers (this is just a PoC I'm doing).
That's all my notes for now. I am still trying to get my dashboards populated with data but I believe I have traffic from BIG-IP arriving in Splunk Cloud now. Thanks so much for this guide.