Hello forum,
I have a fresh install of splunk 4.3.4 with f5 access application version 1.1 which collect events ( focus on apm_log) from f5 version 11.2.
The challange is that some of the viewes q report are empty for example Auth Success vs. Failed is empty.
From more query it seems that the apm_log send minimal info and the otion to configure log level to info or debug is too much in term of vast amount of dta and performence.
Do you know what tweaks are required so the apm_log file in order to get user id , success/failed logins etcw ?
Regards,
Yossi Mor
... View more