BIG-IP

To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.

Labels

Axoflow automatically adds the following labels to data collected from this source:

label value
vendor f5
product bigip
format text-plain | JSON | kv

Note that the device can be configured to send plain syslog text, JSON, or key-value pairs.

Sending data to Splunk

When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:

sourcetype index
f5:bigip:syslog netops
f5:bigip:ltm:access_json netops
f5:bigip:asm:syslog netops
f5:bigip:apm:syslog netops
f5:bigip:ltm:ssl:error netops
f5:bigip:ltm:tcl:error netops
f5:bigip:ltm:traffic netops
f5:bigip:ltm:log:error netops
f5:bigip:gtm:dns:request:irule netops
f5:bigip:gtm:dns:response:irule netops
f5:bigip:ltm:http:irule netops
f5:bigip:ltm:failed:irule netops
nix:syslog netops

Tested with: Splunk Add-on for F5 BIG-IP