All Apps and Add-ons

How to modify the inputs for the Splunk Add-On for F5 BIG-IP?

Makinde
New Member

I would like to use the Splunk Add-on for F5 BIG-IP, but I don't want the add-on to query my device for any logs.

I am currently sending the F5 logs to a folder on the Splunk forwarder through Syslog. I created a local folder in the add-on folder and create an inputs.conf file with the following information:

[monitor://C:\logs\F5]
disable = false
sourcetype = F5:bigip:syslog

However, I don't receive any logs. When I make these changes to other apps, I am able to get some changes. I got an error that logs were received for an unconfigured index. I checked my indexes and noticed the F5 Add-on didn't create any indexes automatically. I looked through the default folder, but couldn't find anywhere the Index was specified. I created a new index, but I still am not getting any logs.

Does anyone know what to do so I can use the Add-on, but use a different input method like the one described above?

Thanks,

0 Karma
1 Solution

jcoates_splunk
Splunk Employee
Splunk Employee

You need to create indexes because that's where your control over performance and security is set; it's bad practice for someone else's app to guess at your needs for those, IMHO.

View solution in original post

0 Karma

jcoates_splunk
Splunk Employee
Splunk Employee

You need to create indexes because that's where your control over performance and security is set; it's bad practice for someone else's app to guess at your needs for those, IMHO.

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...