cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
chitturics
Explorer
Member since: ‎02-11-2015
‎06-05-2020
Community Statistics
Posts 5
Solutions 2
Karma Given 0
Karma Received 2
Member Since ‎02-11-2015
Activity Feed
Topics I've Started
No posts to display.
View All

Re: What is the opinion on F5 vs Splunk in Splunk ...

by in All Apps and Add-ons
‎04-27-2018 06:46 AM
‎04-27-2018 06:46 AM
Splunk Add-on for F5 BIG-IP (built and officially supported by Splunk) Pros: Pulls data from F5, you have option to filter and specify what data you are interested in. Cons: You can only ingest the data into Splunk using this App, Visualizations you have to create your own.. Require credentials with apropriate role to query F5 for the data, and password management is bit challenge when more F5s and no integrated authentication. F5 Networks - Analytics (built and officially supported by F5) Pros: Require no authentication, depends on F5 iApp to push the data to Splunk indexers Comes with pre-built Data Models & Dashboards Cons: Visualization are very slow and doesn't appear to me scaleable to larger audience What I ended up doing is using F5 Networks - Analytics (built and officially supported by F5) App for data models (F5 iApp push data to Splunk indexers) and build my own visualization. https://answers.splunk.com/answers/618950/use-of-f5-network-analytics-app-for-customers.html#answer-619283 ... View more

Re: How to differentiate events with Field values ...

by in Splunk Search
‎02-21-2018 03:44 AM
1 Karma
‎02-21-2018 03:44 AM
1 Karma
EventCode=1111 OR EventCode=2222 |eval event_status=if(EventCode="1111","Success","Failed")|chart count over host by event_status ... View more

Re: Use of F5 Network Analytics app for customers

by in All Apps and Add-ons
‎02-20-2018 07:39 AM
1 Karma
‎02-20-2018 07:39 AM
1 Karma
We configured all events to go one index "f5-default" I tried using F5 Splunk app as it is and not convinced the way it work/present. I find the app is very resource intensive and not scale-able when we have large user base. We are using data models came with F5 App, however changed the App visibility to "No". We are using 5 minute aggregation data from F5 to Splunk and it defeat the idea of showing near real time. So I am using F5 interval data in combination with SNMP Traps F5 sending when there is change in status of a Pool/Pool Member. I created few saved searches which run every 1 minute, 10 minute and daily based on requirement and creating outputlookup(s). Using these outputlookup files, created several dashboards to show health of Pool/PoolMember/VIP and also correlating with several other events that we already have in Splunk. Ex: Events from Real User Monitoring Tool (Agentless). PoolMember resource alarms (Ex: CPU, Memory, Disk, Network) RHEV/CloudForms/Puppet events for the PoolMember (Ex: VM Migration, Hypervisor/Host memory presssure etc.,) PoolMember Syslog Events for known exceptions PoolMember Application Log Exceptions/events If the server is in maintenance mode for some scheduled activity JVM, Database events ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma from
View All