Splunk® Supported Add-ons

Splunk Add-on for F5 BIG-IP

Create new templates for the Splunk Add-on for F5 BIG-IP

Creating a new template is an advanced task and requires you to have knowledge of F5 iControl APIs. The Splunk Add-on for F5 Big-IP collects the data for the iControl API using Telemetry Streaming. Telemetry Streaming uses a REST API to collect the data for the iControl APIs. For more information about the iControl REST API, you can refer to the following documentation: iControl REST. From here, the user can identify the REST API call for a metric and collect the data for it by creating a custom template or by using the existing templates.


Create a new template

  1. Go to Configuration > Template. The templates configuration page appears listing all templates defined in the app.
  2. Click Add to create a new template.
  3. The template information is saved in $SPLUNK_HOME/etc/apps/Splunk_TA_f5-bigip/local/f5_templates_ts.conf.
  4. Provide a template Name. Acceptable characters are a-z, A-Z, 0-9 or "_".
  5. (optional) Enter a Description for the template.
  6. Provide Content. The content must follow the format of the Middle Language Template for F5 BIG-IP iControl APIs. See "Template record format," below.
  7. Click Add.

The templates you create display in the Input list when you create inputs.

Template definition

The template definition provided in this add-on is a flexible configuration script.

Template record format

<API Name>,<API Call>,<Interval>

<API Name> API Name is the name of the key under which the response for the associated API Call. Refer to these examples for further clarification. You must specify this parameter in the template.
<API Call> The REST API endpoint for which you want to collect the data using Telemetry Streaming. You can find the REST endpoint from the F5 documentation.
interval <interval value> This is an integer value that specifies how often (in seconds) to return the data for a particular API call. Note that the interval value specified here takes precedence over the interval specified in the server or the input.

Template examples

ltmVirtualAddressStats,/mgmt/tm/ltm/virtual-address/stats,60

{"ltmVirtualAddressStats"{"/Common/10.0.0.0/stats":'''{"addr":"10.0.0.0","clientside.bitsIn":0,"clientside.bitsOut":0,"clientside.curConns":0,"clientside.maxConns":0,"clientside.pktsIn":0,"clientside.pktsOut":0,"clientside.totConns":0,"tmName":"/Common/10.0.0.0","status.availabilityState":"unknown","status.enabledState":"enabled","status.statusReason":"The children virtual server(s) either don't have service checking enabled, or service check results are not available yet"},"/Common/Shared/10.0.0.1/stats":{"addr":"10.0.0.1","clientside.bitsIn":0,"clientside.bitsOut":0,"clientside.curConns":0,"clientside.maxConns":0,"clientside.pktsIn":0,"clientside.pktsOut":0,"clientside.totConns":0,"tmName":"/Common/Shared/10.0.0.1","status.availabilityState":"unknown","status.enabledState":"enabled","status.statusReason":"The children virtual server(s) either don't have service checking enabled, or service check results are not available yet"}},"system":{"hostname":"xyz"},"telemetryServiceInfo":{"pollingInterval":60,"cycleStart":"2022-03-03T19:21:37.871Z","cycleEnd":"2022-03-03T19:21:39.499Z"},"telemetryEventCategory":"systemInfo"}

manUser,/mgmt/tm/auth/user

{"manUser":{"items":[{"kind":"tm:auth:user:userstate","name":"admin","fullPath":"admin","generation":1,"selfLink":"https://localhost/mgmt/tm/auth/user/admin?ver=16.1.0","description":"Admin User","encryptedPassword":"$1$salt$IEd.dPRrJY41NWqqeABCW2","sessionLimit":-1,"partitionAccess":[{"name":"all-partitions","role":"admin","nameReference":{"link":"https://localhost/mgmt/tm/auth/partition/all-partitions?ver=16.1.0"}}]}]},"system":{"hostname":"xyz"},"telemetryServiceInfo":{"pollingInterval":300,"cycleStart":"2022-03-03T19:24:10.138Z","cycleEnd":"2022-03-03T19:24:12.211Z"},"telemetryEventCategory":"systemInfo"}

netInterface,/mgmt/tm/net/interface

{"netInterface":{"items":[{"kind":"tm:net:interface:interfacestate","name":"1.0","fullPath":"1.0","generation":45,"selfLink":"https://localhost/mgmt/tm/net/interface/1.0?ver=16.1.0","bundle":"not-supported","bundleSpeed":"not-supported","enabled":true,"flowControl":"tx-rx","forceGigabitFiber":"disabled","forwardErrorCorrection":"not-supported","ifIndex":48,"lacpPortPriority":32786,"linkTrapsEnabled":"true","lldpAdmin":"txonly","lldpTlvmap":130943,"macAddress":"00:00:16:0f:q9:2e","mediaActive":"10000T-FD","mediaFixed":"10000T-FD","mediaMax":"auto","mediaSfp":"auto","mtu":1500,"portFwdMode":"l3","preferPort":"sfp","qinqEthertype":"0x8100","sflow":{"pollInterval":0,"pollIntervalGlobal":"yes"},"stp":"enabled","stpAutoEdgePort":"enabled","stpEdgePort":"true","stpLinkType":"auto"},{"kind":"tm:net:interface:interfacestate","name":"mgmt","fullPath":"mgmt","generation":64,"selfLink":"https://localhost/mgmt/tm/net/interface/mgmt?ver=16.1.0","bundle":"not-supported","bundleSpeed":"not-supported","enabled":true,"flowControl":"tx-rx","forceGigabitFiber":"disabled","forwardErrorCorrection":"not-supported","ifIndex":32,"lacpPortPriority":32786,"linkTrapsEnabled":"true","lldpAdmin":"txonly","lldpTlvmap":130943,"macAddress":"00:00:16:1f:19:1e","mediaActive":"100TX-FD","mediaFixed":"auto","mediaSfp":"auto","mtu":1500,"portFwdMode":"l3","preferPort":"sfp","qinqEthertype":"0x8100","sflow":{"pollInterval":0,"pollIntervalGlobal":"yes"},"stp":"enabled","stpAutoEdgePort":"enabled","stpEdgePort":"true","stpLinkType":"auto"}]},"system":{"hostname":"bigip1"},"telemetryServiceInfo":{"pollingInterval":300,"cycleStart":"2022-03-03T19:20:33.580Z","cycleEnd":"2022-03-03T19:20:35.112Z"},"telemetryEventCategory":"systemInfo"}

oneConnectStats,/mgmt/tm/ltm/profile/one-connect/stats

{"oneConnectStats":{"/Common/oneconnect/stats":{"connects":0,"curSize":0,"maxSize":0,"tmName":"/Common/oneconnect","reuses":0,"typeId":"ltm profile one-connect","vsName":"N/A"}},"system":{"hostname":"xyz"},"telemetryServiceInfo":{"pollingInterval":300,"cycleStart":"2022-03-03T19:24:46.383Z","cycleEnd":"2022-03-03T19:24:47.276Z"},"telemetryEventCategory":"systemInfo"}
Last modified on 03 September, 2024
Troubleshoot the Splunk Add-on for F5 BIG-IP   Storage format reference for the Splunk Add-on for F5 BIG-IP

This documentation applies to the following versions of Splunk® Supported Add-ons: released


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters