
f5 asm .. reports blank

sandevsingh
New Member

Hi, I am trying to make F5 ASM and Splunk Enterprise ver 7 work together. I have installed the "Splunk for F5 Security" app and I see the ASM logs being indexed under it. But when I go to check the inbuilt reports from the app under Application Security Manager > Web application stats OR security events stats OR any other report, they are all blank, saying "no results found". Any idea why this is happening?

Thanks

0 Karma

adonio
Ultra Champion

Can be a couple of things:
1. Indexes read by default - if the searches that power the dashboards do not specify index=some_index and your user's role is not set up to search those indexes by default, you will see 'no results ...
2. Sourcetype assignment is off / not working and therefore fields are not extracted correctly etc. Try to run a search in `verbose` mode on the F5 data and see that all fields are extracted and sourcetypes are assigned.

hope it helps

0 Karma
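The two checks from the answer above, written out as three separate searches (an added example, not part of the original thread and not taken from the app). Run each one on its own: the first shows which index and sourcetype the ASM events actually landed in, the second lists each role's default-searched indexes for comparison, and the third summarizes which fields are being extracted. `PLACEHOLDER_F5_INDEX` and `PLACEHOLDER_F5_SOURCETYPE` are placeholders to fill in from the first search's output, and the `rest` search assumes a role that is allowed to query the REST endpoint.

```spl
| tstats count where index=* by index, sourcetype
| sort - count

| rest /services/authorization/roles splunk_server=local
| table title srchIndexesDefault imported_srchIndexesDefault srchIndexesAllowed

index=PLACEHOLDER_F5_INDEX sourcetype=PLACEHOLDER_F5_SOURCETYPE earliest=-24h
| head 1000
| fieldsummary
| table field count distinct_count
```

If the ASM index appears in the first result but not in `srchIndexesDefault` for your role, dashboard searches without an explicit `index=` will return nothing. If the third search shows only default fields such as `host`, `source` and `sourcetype`, the extractions are not being applied to that sourcetype.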