I am curious what everyone is using for traffic visibility. I currently have VMware Log Insight set up with the F5 content pack. I get decent information but it doesn't always feel like the whole story. I've used Graylog before with a request logging profile on the LTM VS; once I figured out the grok pattern it provided good information, but again it didn't feel like an enterprise solution.
I'm curious what everyone else is using, how is it working for you?
Well, I think it depends on who is familiar with which product. Graylog is powerful log management software, but it was not created for advanced analytics and correlations, so I personally prefer to forward logs from F5 to an enterprise SIEM solution like QRadar, ArcSight or Splunk, as those solutions give you more functionality for log manipulation, investigation, monitoring, alerts, etc.
Also, you can try F5's BIG-IQ solution, which is basically for centralized management of several BIG-IP devices, but one of its features is Application analytics, which gives truly good dashboards with traffic information per application, like active connections, HTTP transactions, application response, etc.