BIG-IP
To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.
Labels
Axoflow automatically adds the following labels to data collected from this source:
label | value |
---|---|
vendor | f5 |
product | bigip |
format | text-plain | JSON | kv |
Note that the device can be configured to send plain syslog text, JSON, or key-value pairs.
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
sourcetype | index |
---|---|
f5:bigip:syslog | netops |
f5:bigip:ltm:access_json | netops |
f5:bigip:asm:syslog | netops |
f5:bigip:apm:syslog | netops |
f5:bigip:ltm:ssl:error | netops |
f5:bigip:ltm:tcl:error | netops |
f5:bigip:ltm:traffic | netops |
f5:bigip:ltm:log:error | netops |
f5:bigip:gtm:dns:request:irule | netops |
f5:bigip:gtm:dns:response:irule | netops |
f5:bigip:ltm:http:irule | netops |
f5:bigip:ltm:failed:irule | netops |
nix:syslog | netops |
Tested with: Splunk Add-on for F5 BIG-IP