hi Sebastian, we have a lot of F5 devices, so basically the idea is instead of each bigip sending telemetry to elk, we want all to communicate to bigIQ using AVR which is already happening right now. Then bigIQ will be the one to send those analytics/statistics to ELK. An example is cpu, memory, vs and pool events, concurrent connections etc... is this something doable? thank you
The problem or maybe the limitation is that Big-IQ uses its own database to process the Big-IP metrics, It has an internal elk in the DCD to process and show all the information in the CM, so exporting these files to your elk to process the information could be something complex and expecting that after export the info it could be encrypted or not.
It could be more efficient if you integrate Big-IP with the elk too, please look at this official guide:
Hope it works.
@AlexBCT your my BIG-IQ Friend.
Have you any ideas if there is a log forwarder built into BIG-IQ?
@rechiecebreros - I suspect that BIG-IQ wont do every single log even if it does a external forwarder of some sort.
But if you have BIG-IQ all of the alerts and information that you raise alarms/event in it would hopefully have a mechisum to forward into a north bound system.
I Guess it depends on what you are looking for and where you want the data presenting.