Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk for F5 Access guide?

dooshiant
New Member
‎03-07-2012 01:36 AM

Hello,

Using Splunk for F5 Access app and trying send logs from firepass to splunk on port 514.
However, the stats in the F5 Access Dashboard are incomplete. For example I can only see 4 or 5 users in the Connections by User in the last 24 hours chart, but on the firepass, it shows that there was over a 100 connected in the same timeframe..

Is there a configuration guide available for how to configure both the Splunk / F5 Access app and the Firepass device? - I want to verify if my config is correct.

Have tried Splunk support, but they haven't been very helpful and say there is no support for the F5 Access app.

Many thanks!

Tags (2)
0 Karma
Reply

MarioM
Motivator
‎03-14-2012 08:42 AM

there is :

getting started guide

0 Karma
Reply

MarioM
Motivator
‎03-17-2012 06:39 AM

yes i know firepass is dedicated ssl vpn and the only thing to do is configure remote syslog on firepass to send to splunk (no other choice than udp 514) and set the sourcetype as firepass_log.
After the firepass dashboard is just an example then up to you to build your own.
Splunk is not about app but doing you own reports/dashboard...

0 Karma
Reply

dooshiant
New Member
‎03-16-2012 02:55 AM

Hi MarioM,

This guide is for APM which runs on the BigIP platform. Firepass is different and runs on another platform. I have set the sourcetype to firepass_log as stated in the pdf though, but getting only limited stats - not all users / events are being shown..

0 Karma
Reply

gnovak
Builder
‎03-14-2012 08:17 AM

I agree, I can't find a link to a manual anywhere.

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...