Hi all,
I've installed the Splunk for F5 Networks application to run some tests on it.
I'm using TMOS version 11.5 and there's something wrong with the regex it uses.
I made some changes to it to match the information needed, but it still doesn't work. Could you confirm that all the transformations are done in /opt/splunk/etc/apps/SplunkforF5Networks/default/transforms.conf?
Here is the newest regex, which includes the old and new formats of syslog events:
/]:\s(........:.):\sPool\s(\S+)\smember\s(\S+)\smonitor\sstatus\s(\S+).\s?[?\s?(?:\S+)?:?\s?(?:\S+)?\s?]?\s+?[\swas\s(\S+)\sfor\s(\S+)/
Thanks in advance for your response 😉