Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Severals views in f5 accessdashboard for splunk are not are empty

yossim
New Member
‎10-29-2012 05:26 AM

Hello forum,

I have a fresh install of splunk 4.3.4 with f5 access application version 1.1 which collect events ( focus on apm_log) from f5 version 11.2.

The challange is that some of the viewes q report are empty for example Auth Success vs. Failed is empty.

From more query it seems that the apm_log send minimal info and the otion to configure log level to info or debug is too much in term of vast amount of dta and performence.

Do you know what tweaks are required so the apm_log file in order to get user id , success/failed logins etcw ?

Regards,

Yossi Mor

Tags (2)
0 Karma
Reply

davecroto
Splunk Employee
Splunk Employee
‎10-29-2012 05:44 AM

Create the IRule.

https://devcentral.f5.com/tutorials/tech-tips/big-ip-logging-and-reporting-toolkit-part-three

and

splunk/etc/apps/SplunkforF5Networks/Installing Splunk for F5 Big.pdf

splunk/etc/apps/SplunkforF5Networks/irule.txt

Reply

yossim
New Member
‎10-29-2012 06:05 AM

Hi davecroto,

Thanks for your quick answer.

I am not familier with irule ( not yet).

Also from inspectiong the apm log on the Big IP hardware it seems that nly minimal informaion is gathered so i have to confiigure the apm log file to provide more info.

regards,

Yossi Mor

0 Karma
Reply
Get Updates on the Splunk Community!

Archived Metrics Now Available for APAC and EMEA realms

We’re excited to announce the launch of Archived Metrics in Splunk Infrastructure Monitoring for our customers ...

Detecting Remote Code Executions With the Splunk Threat Research Team

WATCH NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If exploited, ...

Enter the Dashboard Challenge and Watch the .conf24 Global Broadcast!

The Splunk Community Dashboard Challenge is still happening, and it's not too late to enter for the week of ...