Splunk® Supported Add-ons

Splunk Add-on for F5 BIG-IP

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Release history for the Splunk Add-on for F5 BIG-IP

Latest release

The latest release of the Splunk Add-on for F5 BIG-IP is version 6.2.1. See Release notes for the Splunk Add-on for F5 Big-IP for the release notes of this latest version.

Version 6.2.0

Version 6.2.0 of the Splunk Add-on for F5 BIG-IP was released on September 28, 2023.

Compatibility

Version 6.2.0 of the Splunk Add-on for F5 BIG-IP is compatible with the following software, CIM versions, and platforms.

Splunk platform versions 8.2.x, 9.0.x, 9.1.x
CIM 5.2.0
Platforms Platform independent
Vendor Products F5 BIG-IP F5 BIG-IP 11.6.5 - 17.1.0 Licensed LTM, DNS (GTM), APM, AFM, and ASM modules.

New Features

  • Added support of the F5 BIG-IP product v17.1.0
  • CIM field enhancements for these sourcetypes:
    • f5:bigip:syslog - "Connection error" related events having source and destination address are mapped with Network Traffic CIM data model
    • f5:bigip:apm:syslog - "Assigned PPP", "allow ACL", "reject ACL" type of events are mapped to Network Traffic CIM data model
    • f5:bigip:apm:syslog - "New session from client IP" type of events are mapped to Network Session CIM data model
    • f5:bigip:gtm:dns:request:irule - events falling under this sourcetypes are mapped with Network Resolution DNS CIM data model
    • f5:bigip:ltm:ssl:error - "SSL Handshake Failed" type of events will be mapped under this sourcetype instead of f5:bigip:syslog and it will be mapped to Network Traffic CIM data model
  • Logger enhancements - There will be a separate log file for each of the inputs configured in the add-on and the naming convention will be splunk_ta_f5_bigip_input-<input_name>.log

It is recommended that the user first disables all the inputs, and then upgrades to the latest version of the add-on, so that it does not lead to any discrepancies in the logs of the input

Fixed issues

Version 6.2.0 of the Splunk Add-on for F5 BIG-IP has the following fixed issues:


Known issues

Version 6.2.0 of the Splunk Add-on for F5 BIG-IP has the following reported known issues. If no issues appear below, no issues have yet been reported:


Third-party software attributions

Some of the components included in this add-on are licensed under free or open source licenses. We wish to thank the contributors to those projects.

A complete listing of third-party software information for this add-on is available as a PDF file for download:
Splunk Add-on for F5 BIG-IP third-party software credits.

Version 6.1.1

Version 6.1.1 of the Splunk Add-on for F5 BIG-IP was released on March 6, 2023.

Compatibility

Version 6.1.1 of the Splunk Add-on for F5 BIG-IP is compatible with the following software, CIM versions, and platforms.

Splunk platform versions 8.1.x, 8.2.x, 9.0.x
CIM 5.0.2
Platforms Platform independent
Vendor Products F5 BIG-IP F5 BIG-IP 11.6.5 - 17.0.0 Licensed LTM, DNS (GTM), APM, AFM, and ASM modules.

New Features

  • Fixed a security vulnerability found in the certifi library.

Fixed issues

Version 6.1.1 of the Splunk Add-on for F5 BIG-IP has the following fixed issues:


Known issues

Version 6.1.1 of the Splunk Add-on for F5 BIG-IP has the following reported known issues. If no issues appear below, no issues have yet been reported:


Third-party software attributions

Some of the components included in this add-on are licensed under free or open source licenses. We wish to thank the contributors to those projects.

A complete listing of third-party software information for this add-on is available as a PDF file for download:
Splunk Add-on for F5 BIG-IP third-party software credits.

Version 6.0.0

Version 6.0.0 of the Splunk Add-on for F5 BIG-IP was released on Mar 7, 2022.

Compatibility

Version 6.0.0 of the Splunk Add-on for F5 BIG-IP is compatible with the following software, CIM versions, and platforms.

Splunk platform versions 8.1.x, 8.2.x
CIM 5.0.0
Platforms Platform independent
Vendor Products F5 BIG-IP F5 BIG-IP 11.6.5 - 16.1.0 Licensed LTM, DNS (GTM), APM, AFM, and ASM modules.

New Features

  • Migrated the data collection from the SOAP API to Telemetry Streaming. Users will have to reconfigure the Accounts, Templates and Inputs to start the data collection using Telemetry Streaming.
  • Added support for the AFM module for Telemetry Streaming.
  • Added the Intrusion Detection Data Model for ASM module events.
  • The events for the f5:bigip:gtm:dns:response:irule source type will be mapped to the Network DNS Resolution Data Model.
  • Removed the support for partitions from the Server Configuration.
  • The data collected using the SOAP API will be parsable and searchable, but the user will no longer be able to collect the data using the SOAP API.

Upgrade Guide

The Splunk add-on for F5 BigIP version 6.0.0 collects the data using Telemetry Streaming. If you configured any custom template to collect the data from the SOAP API, you will need to locate the REST API replacement for that SOAP API, to perform the data collection using the new version of this add-on. For more information, see Create New Templates.

  • You will need to reconfigure the inputs to start the data collection. For more information on creating inputs for this add-on, see Create Inputs.

Migration from other add-ons

There is no migration path for the other add-ons on Splunkbase to the Splunk Add-on for F5 BIG-IP.

The Splunk Add-on for F5 BIG-IP is a Splunk supported add-on for the LTM, GTM, APM, and ASM BIG-IP modules. It does not replace existing add-ons on Splunkbase that collect data from F5 devices.

You can install the Splunk Add-on for F5 BIG-IP into an existing Splunk platform deployment that has the other add-ons installed, as long as the add-ons do not share the same port or source types.

Add-on comparison
Splunk Add-on for F5 BIG-IP 5.1.0 Splunk for F5 Access Splunk for F5 Networks Splunk for F5 Security
Sourcetype See the source types topic for a full list syslog No default source type No default source type
Domain LTM, GTM, APM, ASM APM, FirePass LTM, AFM ASM, APM
Port 9514/9515 514 No default port No default port
Splunk platform version 8.0+ 4.0 to 6.0 4.0 to 6.0 4.0 to 6.0

Fixed issues

Version 6.0.0 of the Splunk Add-on for F5 BIG-IP has the following fixed issues:


Known issues

Version 6.0.0 of the Splunk Add-on for F5 BIG-IP has the following reported known issues. If no issues appear below, no issues have yet been reported:


Date filed Issue number Description
2022-10-27 ADDON-57007 Password with special characters not working in configuration

Third-party software attributions

Some of the components included in this add-on are licensed under free or open source licenses. We wish to thank the contributors to those projects.

A complete listing of third-party software information for this add-on is available as a PDF file for download:
Splunk Add-on for F5 BIG-IP third-party software credits.


Version 5.1.0

Version 5.1.0 of the Splunk Add-on for F5 BIG-IP was released on July 12, 2021.

Compatibility

Version 5.1.0 of the Splunk Add-on for F5 BIG-IP is compatible with the following software, CIM versions, and platforms.

Splunk platform versions 8.0.x, 8.1.x, 8.2.x
CIM 4.18.1
Platforms Platform independent
Vendor Products F5 BIG-IP F5 BIG-IP 11.6.5 - 15.1.0 Licensed LTM, DNS (GTM), APM, and ASM modules.

New Features

  • Fast and intuitive UI with a better look and feel.
  • Provides critical security fix by removing jquery2.
  • Removal of python2 support. Only python3 is supported from now on.
  • Fixed issue where a server error stopped data collection.

Upgrade guide

If you are upgrading from the Splunk Add-on for F5 BIG-IP 2.2.0 or earlier to the Splunk Add-on for F5 BIG-IP 2.3.0 or later, note that version 2.2.0 and earlier collected data from the Common partition only. After you upgrade to version 3.0.0 or later, data is collected by default from all of the partitions on the F5 BIG-IP servers that are configured for data collection. You can change this by editing your existing server configuration on the Manage F5 Servers page (Configuration > Server) and updating the Partitions field. If you want to continue to collect data from only the Common partition, type Common in this field and click Update.

Migration from other add-ons

There is no migration path for the other add-ons on Splunkbase to the Splunk Add-on for F5 BIG-IP.

The Splunk Add-on for F5 BIG-IP is a Splunk supported add-on for the LTM, GTM, APM, and ASM BIG-IP modules. It does not replace existing add-ons on Splunkbase that collect data from F5 devices.

You can install the Splunk Add-on for F5 BIG-IP into an existing Splunk platform deployment that has the other add-ons installed, as long as the add-ons do not share the same port or source types.

Add-on comparison
Splunk Add-on for F5 BIG-IP 5.1.0 Splunk for F5 Access Splunk for F5 Networks Splunk for F5 Security
Sourcetype See the source types topic for a full list syslog No default source type No default source type
Domain LTM, GTM, APM, ASM APM, FirePass LTM, AFM ASM, APM
Port 9514/9515 514 No default port No default port
Splunk platform version 8.0+ 4.0 to 6.0 4.0 to 6.0 4.0 to 6.0

Fixed issues

Version 5.1.0 of the Splunk Add-on for F5 BIG-IP has the following fixed issues:


Date resolved Issue number Description
2021-07-12 ADDON-37358 F5 BigIP addon stops ingestion every 4 hours
2021-07-12 ADDON-27390 Splunk freezes each time Addon's error happens, requiring "manual" intervention to restart Splunk - this will resolve the issue

Known issues

Version 5.1.0 of the Splunk Add-on for F5 BIG-IP has the following reported known issues. If no issues appear below, no issues have yet been reported:


Third-party software attributions

Version 5.1.0 of the Splunk Add-on for F5 BIG-IP incorporates the following third-party software or libraries.


Version 5.0.0

Version 5.0.0 of the Splunk Add-on for F5 BIG-IP was released on March 18, 2021.

Compatibility

Version 5.0.0 of the Splunk Add-on for F5 BIG-IP is compatible with the following software, CIM versions, and platforms.

Splunk platform versions 7.3.x, 8.0.x, 8.1.x
CIM 4.18.1
Platforms Platform independent
Vendor Products F5 BIG-IP F5 BIG-IP 11.6.5 - 15.1.0 Licensed LTM, DNS (GTM), APM, and ASM modules.

New Features

  • The UI of the AddOn has been migrated to the UCC framework.
  • The user will now be able to configure logging from the UI.
  • The passwords, templates, servers and tasks configured by the existing users will be automatically migrated to the latest version of the AddOn.
  • The data from the f5_bigip_tasks.conf, f5_bigip_templates.conf and f5_bigip_servers.conf files will be migrated to inputs.conf, f5_templates.conf, f5_servers.conf files respectively.
  • For migrating the stanzas from the f5_bigip_tasks.conf, f5_bigip_servers.conf, f5_bigip_templates.conf files, the data in these files will remain intact. The data from these conf files will be migrated to the new conf files and these files will be referred for data collection.
  • Support for Destination App for servers, templates, and inputs has been removed from the latest version of the AddOn.
  • For each input, separate process will be spawn, hence the CPU Utilization will be improved

Additional Release Notes

  • The data collection logs will be logged under Splunk_TA_f5_bigip_main.log file. The user can find the log file under $SPLUNK_HOME$/var/log/splunk
  • The logs for the migration scripts like migrate_existing_inputs, migrate_existing_passwords, migrate_existing_templates will be logged under migrate_existing_inputs.log, migrate_existing_passwords.log, migrate_existing_templates.log respectively. The user can find the log files under $SPLUNK_HOME$/var/log/splunk

Upgrade guide

If you are upgrading from the Splunk Add-on for F5 BIG-IP 2.2.0 or earlier to the Splunk Add-on for F5 BIG-IP 2.3.0 or later, note that version 2.2.0 and earlier collected data from the Common partition only. After you upgrade to version 3.0.0 or later, data is collected by default from all of the partitions on the F5 BIG-IP servers that are configured for data collection. You can change this by editing your existing server configuration on the Manage F5 Servers page (Configuration > Server) and updating the Partitions field. If you want to continue to collect data from only the Common partition, type Common in this field and click Update.

Migration from other add-ons

There is no migration path for the other add-ons on Splunkbase to the Splunk Add-on for F5 BIG-IP.

The Splunk Add-on for F5 BIG-IP is a Splunk supported add-on for the LTM, GTM, APM, and ASM BIG-IP modules. It does not replace existing add-ons on Splunkbase that collect data from F5 devices.

You can install the Splunk Add-on for F5 BIG-IP into an existing Splunk platform deployment that has the other add-ons installed, as long as the add-ons do not share the same port or source types.

Add-on comparison
Splunk Add-on for F5 BIG-IP 5.0.0 Splunk for F5 Access Splunk for F5 Networks Splunk for F5 Security
Sourcetype See the source types topic for a full list syslog No default source type No default source type
Domain LTM, GTM, APM, ASM APM, FirePass LTM, AFM ASM, APM
Port 9514/9515 514 No default port No default port
Splunk platform version 7.3+ 4.0 to 6.0 4.0 to 6.0 4.0 to 6.0

Fixed issues

Version 5.0.0 of the Splunk Add-on for F5 BIG-IP has the following fixed issues:


Known issues

Version 5.0.0 of the Splunk Add-on for F5 BIG-IP has the following reported known issues. If no issues appear below, no issues have yet been reported:


Third-party software attributions

Version 4.0.1 of the Splunk Add-on for F5 BIG-IP incorporates the following third-party software or libraries.



Version 4.0.1

Version 4.0.1 of the Splunk Add-on for F5 BIG-IP was released on October 13, 2020.

Compatibility

Version 4.0.1 of the Splunk Add-on for F5 BIG-IP is compatible with the following software, CIM versions, and platforms.

Splunk platform versions 7.2.x, 7.3.x, 8.0.x
CIM 4.17
Platforms Platform independent
Vendor Products F5 BIG-IP F5 BIG-IP 11.6.5 - 15.1.0 Licensed LTM, DNS (GTM), APM, and ASM modules.

New Features

  • Migrated for the new data collection mechanism for Telemetry streaming available for F5 BIG-IP version 13.1 and later.
  • Added support for the new AVR event type.
  • Improved support for Splunk Connect for Syslog.

Upgrade guide

If you are upgrading from the Splunk Add-on for F5 BIG-IP 2.2.0 or earlier to the Splunk Add-on for F5 BIG-IP 2.3.0 or later, note that version 2.2.0 and earlier collected data from the Common partition only. After you upgrade to version 3.0.0 or later, data is collected by default from all of the partitions on the F5 BIG-IP servers that are configured for data collection. You can change this by editing your existing server configuration on the Manage F5 BIG-IP Servers page (Configurations > Servers) and updating the Partitions field. If you want to continue to collect data from only the Common partition, type Common in this field and click Update.

Migration from other add-ons

There is no migration path for the other add-ons on Splunkbase to the Splunk Add-on for F5 BIG-IP.

The Splunk Add-on for F5 BIG-IP is a Splunk supported add-on for the LTM, GTM, APM, and ASM BIG-IP modules. It does not replace existing add-ons on Splunkbase that collect data from F5 devices.

You can install the Splunk Add-on for F5 BIG-IP into an existing Splunk platform deployment that has the other add-ons installed, as long as the add-ons do not share the same port or source types.

Add-on comparison
Splunk Add-on for F5 BIG-IP 4.0.1 Splunk for F5 Access Splunk for F5 Networks Splunk for F5 Security
Sourcetype See the source types topic for a full list syslog No default source type No default source type
Domain LTM, GTM, APM, ASM APM, FirePass LTM, AFM ASM, APM
Port 9514/9515 514 No default port No default port
Splunk platform version 7.2+ 4.0 to 6.0 4.0 to 6.0 4.0 to 6.0

Fixed issues

Version 4.0.1 of the Splunk Add-on for F5 BIG-IP has the following fixed issues:


Date resolved Issue number Description
2020-09-01 ADDON-26915 F5 BIG-IP add-on supported version
2020-05-25 ADDON-26789 Manage Servers button not available when using Splunk versions prior to 7.2.8

Known issues

Version 4.0.1 of the Splunk Add-on for F5 BIG-IP has the following reported known issues. If no issues appear below, no issues have yet been reported:


Third-party software attributions

Version 4.0.1 of the Splunk Add-on for F5 BIG-IP incorporates the following third-party software or libraries.


Release notes for the Splunk Add-on for F5 BIG-IP Version 3.1.0.

Version 3.1.0 of the Splunk Add-on for F5 BIG-IP was released on April 16, 2020.

Compatibility

Version 3.1.0 of the Splunk Add-on for F5 BIG-IP is compatible with the following software, CIM versions, and platforms.

Splunk platform versions 7.2.x, 7.3.x, 8.0.x
CIM 4.15
Platforms Platform independent
Vendor Products F5 BIG-IP F5 BIG-IP 10.1 - 15.1.0 Licensed LTM, DNS (GTM), APM, and ASM modules.

New Features

  • Support for Python 3 by default
  • FIPS Certification
  • Support through v15.1.0 of F5 BIG-IP

Upgrade guide

If you are upgrading from the Splunk Add-on for F5 BIG-IP 2.2.0 or earlier to the Splunk Add-on for F5 BIG-IP 2.3.0 or later, note that version 2.2.0 and earlier collected data from the Common partition only. After you upgrade to version 3.0.0 or later, data is collected by default from all of the partitions on the F5 BIG-IP servers that are configured for data collection. You can change this by editing your existing server configuration on the Manage F5 BIG-IP Servers page (Configurations > Servers) and updating the Partitions field. If you want to continue to collect data from only the Common partition, type Common in this field and click Update.

Migration from other add-ons

There is no migration path for the other add-ons on Splunkbase to the Splunk Add-on for F5 BIG-IP.

The Splunk Add-on for F5 BIG-IP is a Splunk supported add-on for the LTM, GTM, APM, and ASM BIG-IP modules. It does not replace existing add-ons on Splunkbase that collect data from F5 devices.

You can install the Splunk Add-on for F5 BIG-IP into an existing Splunk platform deployment that has the other add-ons installed, as long as the add-ons do not share the same port or source types.

Add-on comparison
Splunk Add-on for F5 BIG-IP 3.1.0 Splunk for F5 Access Splunk for F5 Networks Splunk for F5 Security
Sourcetype See the source types topic for a full list syslog No default source type No default source type
Domain LTM, GTM, APM, ASM APM, FirePass LTM, AFM ASM, APM
Port 9514/9515 514 No default port No default port
Splunk platform version 7.2+ 4.0 to 6.0 4.0 to 6.0 4.0 to 6.0

Fixed issues

Version 3.1.0 of the Splunk Add-on for F5 BIG-IP has the following fixed issues:


Known issues

Version 3.1.0 of the Splunk Add-on for F5 BIG-IP has the following reported known issues. If no issues appear below, no issues have yet been reported:


Date filed Issue number Description
2020-06-26 ADDON-27390 Splunk freezes each time Addon's error happens, requiring "manual" intervention to restart Splunk - this will resolve the issue
2020-06-02 ADDON-26915 F5 BIG-IP add-on supported version
2020-05-19 ADDON-26789 Manage Servers button not available when using Splunk versions prior to 7.2.8

Third-party software attributions

Version 3.1.0 of the Splunk Add-on for F5 BIG-IP incorporates the following third-party software or libraries.


Version 3.0.0

Version 3.0.0 of the Splunk Add-on for F5 BIG-IP was released on October 21, 2019.

Compatibility

Version 3.0.0 of the Splunk Add-on for F5 BIG-IP is compatible with the following software, CIM versions, and platforms.

Splunk platform versions 7.0.x, 7.1.x, 7.2.x, 7.3.x, 8.0.x
CIM 4.12
Platforms Platform independent
Vendor Products F5 BIG-IP 10.1 - 12.X. Licensed LTM, DNS (GTM), APM, and ASM modules.

Versions 2.7.0 and earlier of the Splunk Add-on for F5 BIG-IP are incompatible with versions 8.0 and later of the Splunk platform.

Upgrade guide

If you are upgrading from the Splunk Add-on for F5 BIG-IP 2.2.0 or earlier to the Splunk Add-on for F5 BIG-IP 2.3.0 or later, note that version 2.2.0 and earlier collected data from the Common partition only. After you upgrade to version 3.0.0, by default data will be collected from all of the partitions on the F5 BIG-IP servers that are configured for data collection. You can change this by editing your existing server configuration on the Manage F5 BIG-IP Servers page (Configurations > Servers) and updating the Partitions field. If you want to continue to collect data from only the Common partition, type Common in this field and click Update.

Migration from other add-ons

There is no migration path for the other add-ons on Splunkbase to the Splunk Add-on for F5 BIG-IP.

The Splunk Add-on for F5 BIG-IP is a Splunk supported add-on for the LTM, GTM, APM, and ASM BIG-IP modules. It does not replace existing add-ons on Splunkbase that collect data from F5 devices.

You can install the Splunk Add-on for F5 BIG-IP into an existing Splunk platform deployment that has the other add-ons installed, as long as the add-ons do not share the same port or source types.

Add-on comparison
Splunk Add-on for F5 BIG-IP 3.0.0 Splunk for F5 Access Splunk for F5 Networks Splunk for F5 Security
Sourcetype See the source types topic for a full list syslog No default source type No default source type
Domain LTM, GTM, APM, ASM APM, FirePass LTM, AFM ASM, APM
Port 9514/9515 514 No default port No default port
Splunk platform version 6.5+ 4.0 to 6.0 4.0 to 6.0 4.0 to 6.0

Fixed issues

Version 3.0.0 of the Splunk Add-on for F5 BIG-IP has the following fixed issues:


Known issues

Version 3.0.0 of the Splunk Add-on for F5 BIG-IP has the following reported known issues. If no issues appear below, no issues have yet been reported:


Third-party software attributions

Version 3.0.0 of the Splunk Add-on for F5 BIG-IP incorporates the following third-party software or libraries.



Version 2.7.0

Version 2.7.0 of the Splunk Add-on for F5 BIG-IP was released on April 17, 2019.

Compatibility

Version 2.7.0 of the Splunk Add-on for F5 BIG-IP is compatible with the following software, CIM versions, and platforms.

Splunk platform versions 6.6.x, 7.0.x, 7.1.x, 7.2.x, 7.3.x
CIM 4.12
Platforms Platform independent
Vendor Products F5 BIG-IP 10.1 - 12.X. Licensed LTM, DNS (GTM), APM, and ASM modules.

Upgrade guide

If you are upgrading from the Splunk Add-on for F5 BIG-IP 2.2.0 or earlier to the Splunk Add-on for F5 BIG-IP 2.3.0 or later, note that version 2.2.0 and earlier collected data from the Common partition only. After you upgrade to version 2.7.0, by default data will be collected from all of the partitions on the F5 BIG-IP servers that are configured for data collection. You can change this by editing your existing server configuration on the Manage F5 BIG-IP Servers page (Configurations > Servers) and updating the Partitions field. If you want to continue to collect data from only the Common partition, type Common in this field and click Update.

Migration from other add-ons

There is no migration path for the other add-ons on Splunkbase to the Splunk Add-on for F5 BIG-IP.

The Splunk Add-on for F5 BIG-IP is a Splunk supported add-on for the LTM, GTM, APM, and ASM BIG-IP modules. It does not replace existing add-ons on Splunkbase that collect data from F5 devices.

You can install the Splunk Add-on for F5 BIG-IP into an existing Splunk platform deployment that has the other add-ons installed, as long as the add-ons do not share the same port or source types.

Add-on comparison
Splunk Add-on for F5 BIG-IP 2.7.0 Splunk for F5 Access Splunk for F5 Networks Splunk for F5 Security
Sourcetype See the source types topic for a full list syslog No default source type No default source type
Domain LTM, GTM, APM, ASM APM, FirePass LTM, AFM ASM, APM
Port 9514/9515 514 No default port No default port
Splunk platform version 6.5+ 4.0 to 6.0 4.0 to 6.0 4.0 to 6.0

Fixed issues

Version 2.7.0 of the Splunk Add-on for F5 BIG-IP has the following fixed issues:


Date resolved Issue number Description
2019-03-04 ADDON-21320 JavaScript alerts don't show the actual error message
2019-02-10 ADDON-19342 Receiving error of Invalid key in stanza from default/log_info.conf
2019-02-06 ADDON-21018 Invalid field extractions in Sourcetype=f5:bigip:ltm:locallb:icontrol and Sourcetype=f5:bigip:apm:syslog

Known issues

Version 2.7.0 of the Splunk Add-on for F5 BIG-IP has the following reported known issues. If no issues appear below, no issues have yet been reported:


Third-party software attributions

Version 2.7.0 of the Splunk Add-on for F5 BIG-IP incorporates the following third-party software or libraries.


Version 2.6.0

Version 2.6.0 of the Splunk Add-on for F5 BIG-IP is compatible with the following software, CIM versions, and platforms.

Splunk platform versions 6.6.x, 7.0.x, 7.1.x, 7.2.3
CIM 4.12
Platforms Platform independent
Vendor Products F5 BIG-IP 10.1 - 12.X. Licensed LTM, DNS (GTM), APM, and ASM modules.

Upgrade guide

If you are upgrading from the Splunk Add-on for F5 BIG-IP 2.2.0 or earlier to the Splunk Add-on for F5 BIG-IP 2.3.0 or later, note that version 2.2.0 and earlier collected data from the Common partition only. After you upgrade to version 2.6.0, by default data will be collected from all of the partitions on the F5 BIG-IP servers that are configured for data collection. You can change this by editing your existing server configuration on the Manage F5 BIG-IP Servers page (Configurations > Servers) and updating the Partitions field. If you want to continue to collect data from only the Common partition, type Common in this field and click Update.

Migration from other add-ons

There is no migration path for the other add-ons on Splunkbase to the Splunk Add-on for F5 BIG-IP.

The Splunk Add-on for F5 BIG-IP is a Splunk supported add-on for the LTM, GTM, APM, and ASM BIG-IP modules. It does not replace existing add-ons on Splunkbase that collect data from F5 devices.

You can install the Splunk Add-on for F5 BIG-IP into an existing Splunk platform deployment that has the other add-ons installed, as long as the add-ons do not share the same port or source types.

Add-on comparison
Splunk Add-on for F5 BIG-IP 2.6.0 Splunk for F5 Access Splunk for F5 Networks Splunk for F5 Security
Sourcetype See the source types topic for a full list syslog No default source type No default source type
Domain LTM, GTM, APM, ASM APM, FirePass LTM, AFM ASM, APM
Port 9514/9515 514 No default port No default port
Splunk platform version 6.5+ 4.0 to 6.0 4.0 to 6.0 4.0 to 6.0

New features

Version 2.6.0 of the Splunk Add-on for F5 BIG-IP has the following new features.

  • Version 2.6.0 adds support for Splunk Enterprise 7.0

Fixed issues

Version 2.6.0 of the Splunk Add-on for F5 BIG-IP has the following fixed issues.


Date resolved Issue number Description
2018-03-20 ADDON-14536 Add-on for F5 BIG-IP search tag=web is returning a warning message: "The term '": * acl:"' contains a wildcard in the middle of a word or string. This might cause inconsistent results if the characters that the wildcard represents include punctuation."
2018-03-20 ADDON-16873 DNS responses being split into multiple events when ingested via Splunk Add-on for F5 BIG-IP
2018-03-11 ADDON-9156 F5BigIPWorker class at line 169 when calculating the current timestamp the result is one hour off when DST is active

Known issues

Version 2.6.0 of the Splunk Add-on for F5 BIG-IP has the following reported known issues.


Date filed Issue number Description
2019-03-12 ADDON-21486 F5 add-on uses makes incorrect use of malware and ids tags
2019-02-13 ADDON-21320 JavaScript alerts don't show the actual error message
2019-01-23 ADDON-21018 Invalid field extractions in Sourcetype=f5:bigip:ltm:locallb:icontrol and Sourcetype=f5:bigip:apm:syslog
2018-09-07 ADDON-19342 Receiving error of Invalid key in stanza from default/log_info.conf
2016-05-18 ADDON-9539 ophan process in modular input when splunkd is down
2016-04-27 ADDON-9115 Not all message name is added into predefined storage format due to storage format length limitation
2015-10-13 ADDON-6042 TA collects passwords
2015-03-22 ADDON-3421 Different intervals in different events would result to times of increase on memory
2015-01-04 ADDON-2860 The inputs count is always 0.
2014-12-22 ADDON-2773 The field _time for syslog has some delay than that on F5 server.
2014-12-19 ADDON-2761 Field value of timestamp is always "none"

Third-party software attributions

Version 2.6.0 of the Splunk Add-on for F5 BIG-IP incorporates the following third-party software or libraries.

Version 2.5.0

About this release

Version 2.5.0 of the Splunk Add-on for F5 BIG-IP is compatible with the following software, CIM versions, and platforms.

Splunk platform versions 6.3 and above
CIM 4.3 and above
Platforms Platform independent
Vendor Products F5 BIG-IP 10.1 - 12.0. Licensed LTM, DNS (GTM), APM, and ASM modules.


New features

Version 2.5.0 of the Splunk Add-on for F5 BIG-IP has the following new features.

Date Issue number Description
04-08-2016 ADDON-8640 Support F5 BIGIP version 12.0.0.
04-16-2016 ADDON-7769 /ADDON-8784 Add new ITSI Load Balancer data model fields to the add-on.
04-06-2016 ADDON-8421 /ADDON-8641 Update event types, tags, and fields for latest ITSI Load Balancer module.
04-08-2016 ADDON-8643 Support APM syslog from channels other than F5 syslog server, such as through file monitoring and third-party systems.
04-28-2016 ADDON-9088 Update templates to support latest iControl API for F5 BIGIP v12.0.0.

Fixed issues

Version 2.5.0 of the Splunk Add-on for F5 BIG-IP has the following fixed issues.

Date Issue number Description
2016-05-19 ADDON-9548 "get_location" listed twice under Management.Device in prebuilt Standard_Management template.
2016-05-16 ADDON-9183 "get_description" listed twice under Management.Device in prebuilt Standard_Management template.
2016-05-16 ADDON-9319 f5_bigip-icontrol is defined in props.conf but not defined in transforms.conf stanza. Remove f5_bigip-icontrol from props.conf.
2016-05-16 ADDON-9171 In events from the modular input, the host value of the event is set as the Splunk instance IP address instead of the F5 server IP address. The host field value of an event should be the name of the physical device from which the event originates.
2016-05-16 ADDON-9116 Audit events misidentified as Malware/IDS attack. Set sourcetype to "f5:bigip:syslog" for new events of Audit ASM log.
2016-04-28 ADDON-9084 Error message in log when connect to F5 12.0: Exception (it may be caused by unreachable F5 server "10.66.131.217" or wrong iControl API "GlobalLB.WideIP.get_wideip" in configured template).
2016-04-26 ADDON-9068 f5_bigip_service field should be divided into "service" and "pid" for the source type "f5:bigip:apm:syslog".
2016-04-25 ADDON-9010 "dest_ip" and "src_ip" in eventtype f5_bigip_apm_acl_applied_result is not available.
2016-04-16 ADDON-8589 UI cannot show when using base URL via reverse proxy.
2016-04-12 ADDON-7401 BigIP 12.0.0 compatibility fix: a new field named "partition" has been added for F5 BIGIP v12.0.0 APM for which the source type is "f5:bigip:apm:syslog".
2016-03-25 ADDON-7299 Extractions based on two timestamps instead of one.
2016-03-01 ADDON-8000 Inputs enabled by default; should be disabled by default.

Known issues

Version 2.5.0 of the Splunk Add-on for F5 BIG-IP has the following reported known issues.

Date Issue number Description
2016-05-18 ADDON-9539 Orphan process in modular input when splunkd is down.
2016-01-30 ADDON-8695 FIPS mode is not supported by this add-on. For a workaround, see Add-ons and FIPS mode in the Splunk Add-ons manual.
2015/11/20 ADDON-13159 / SPL-110199 Add-on has a warning upon startup "Invalid key in stanza [citrix_netscaler] in /opt/splunk/etc/apps/Splunk_TA_f5-bigip/default/inputs.conf, line 4: start_by_shell (value: false)." when running on Splunk 6.3. This warning is invalid and can be ignored.
2016-01-13 ADDON-5325 requireClientCert=true in server.conf is not supported by add-ons using modular inputs and REST. If this setting is enabled in server.conf, communication is broken between the modular input and splunkd and the add-on stops collecting data. The following error appears in the splunkd.log: "SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate." The workaround is to set requireClientCert=false.
2015-10-13 ADDON-6042 F5 collects encrypted passwords for the Inventory data model. This supports a valid Enterprise Security use case, but if you do not want to index the encrypted value, you can add a sed script to props.conf. For more details, see Anonymize data in Getting Data In.
03/24/2015 ADDON-3421 Memory usage increases for different events polled at different intervals.
01/16/2015 ADDON-2773 When collecting syslog via UDP, the timestamp for the event in Splunk Enterprise does not match the timestamp for the event on an F5 server.
01/11/2015 ADDON-2761 The field value of the timestamp is always "none". Workaround: use field _time instead.
01/08/2015 ADDON-2860 In Splunk Web, on the Data Inputs page, the number of F5 BIG-IP inputs is always 0, even if inputs have been configured.
2016-04-28 ADDON-9115 Not all message names are added into predefined storage format due to F5 storage format length limitation (1024 characters).

Third-party software attributions

Version 2.5.0 of the Splunk Add-on for F5 BIG-IP incorporates the following third-party software or libraries.

Version 2.4.0

Version 2.4.0 of the Splunk Add-on for F5 BIG-IP has the same compatibility specifications as Version 2.5.0.

Upgrade guide

If you are upgrading from the Splunk Add-on for F5 BIG-IP 2.2.0 or earlier to the Splunk Add-on for F5 BIG-IP 2.3.0 or later, note that version 2.2.0 and earlier collected data from the Common partition only. After you upgrade to version 2.4.0, by default, data will be collected from all of the partitions on the F5 BIG-IP servers that are configured for data collection. You can change this by editing your existing server configuration on the Manage F5 BIG-IP Servers page (Configurations > Servers) and updating the Partitions field. If you want to continue to collect data from only the Common partition, type Common in this field and click Update.

Migration from other add-ons

There is no migration path for the existing add-ons on Splunkbase to the Splunk Add-on for F5 BIG-IP.

The Splunk Add-on for F5 BIG-IP is a Splunk supported add-on for the LTM, GTM, APM, and ASM BIG-IP modules. It does not replace existing add-ons on Splunkbase that collect data from F5 devices.

You can install the Splunk Add-on for F5 BIG-IP into an existing Splunk platform deployment that has the other add-ons installed, as long as the add-ons do not share the same port or source types.

Add-on comparison
Splunk Add-on for F5 BIG-IP 2.4.0 Splunk for F5 Access Splunk for F5 Networks Splunk for F5 Security
Sourcetype See the source types topic for a full list syslog No default source type No default source type
Domain LTM, GTM, APM, ASM APM, FirePass LTM, AFM ASM, APM
Port 9514/9515 514 No default port No default port
Splunk platform version 6.2+ 4.0 to 6.0 4.0 to 6.0 4.0 to 6.0

New features

Version 2.4.0 of the Splunk Add-on for F5 BIG-IP has the following new features.

Date Issue number Description
09-11-2015 ADDON-6284 Updates to tags.conf to comply with ITSI load balancer module.
09-11-2015 ADDON-6134 Updates to fields and field data types to comply with ITSI load balancer module. Includes the creation of two new lookup files.

Fixed issues

Version 2.4.0 of the Splunk Add-on for F5 BIG-IP has the following fixed issues.

Date resolved Issue number Description
2015-12-04 ADDON-6508 Field men_used_percent gives bad values.
2015-12-03 ADDON-6771 Field ssl-tpl should only calculate with type STATISTIC_SSL_FIVE_SEC_AVG_TOT_CONNS.
2015-12-03 ADDON-6382 Fields protocol_version, wait_thread_count, vip_throughput, and ssl_tps need to be collected for the load balancer module.
2015-12-02 ADDON-6512 Need to collect AVL_STATUS FAILOVER_STATUS as 0 or 1 values instead of strings.
2015-12-02 ADDON-6745 Sum of storage_free, storage_used doesn't match storage.
2015-12-02 ADDON-6495 Field mem is smaller than mem_used.
2015-12-02 ADDON-6380 Alias needed: mem_usage_percent to mem_used_percent.
2015-11-24 ADDON-6510 Missing field storage_used_percent.
2015-11-12 ADDON-6120 Add-on does not index cpu_mhz.
2015-10-27 ADDON-6138 Device configuration: some logs are mis-identified as "f5:ltm:failed:irule".

Known issues

Version 2.4.0 of the Splunk Add-on for F5 BIG-IP has the following reported known issues.

Date Issue number Description
2016-01-30 ADDON-7646 FIPS mode is not supported by this add-on. For a workaround, see Add-ons and FIPS mode in the Splunk Add-ons manual.
2016-01-13 ADDON-5325 requireClientCert=true in server.conf is not supported by add-ons using modular inputs and REST. If this setting is enabled in server.conf, communication is broken between the modular input and splunkd and the add-on stops collecting data. The following error appears in the splunkd.log: "SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate." The workaround is to set requireClientCert=false.
2015-10-13 ADDON-6042 F5 collects encrypted passwords for the Inventory data model. This supports a valid Enterprise Security use case, but if you do not want to index the encrypted value, you can add a sed script to props.conf. For more details, see Anonymize data in Getting Data In.
03/24/2015 ADDON-3421 Memory usage increases for different events polled at different intervals.
01/16/2015 ADDON-2773 When collecting syslog via UDP, the timestamp for the event in Splunk Enterprise does not match the timestamp for the event on an F5 server.
01/11/2015 ADDON-2761 The field value of the timestamp is always "none". Workaround: use field _time instead.
01/08/2015 ADDON-2860 In Splunk Web, on the Data Inputs page, the number of F5 BIG-IP inputs is always 0, even if inputs have been configured.

Third-party software attributions

Version 2.4.0 of the Splunk Add-on for F5 BIG-IP incorporates the following third-party software or libraries.

Version 2.3.0

Version 2.3.0 has the same compatibility specifications as Version 2.4.0.

Upgrade Guide

If you are upgrading from the Splunk Add-on for F5 BIG-IP 2.2.0 to the Splunk Add-on for F5 BIG-IP 2.3.0, note that version 2.2.0 collected data from the Common partition only. After you upgrade to version 2.3.0, by default, data will be collected from all of the partitions on the F5 BIG-IP servers that are configured for data collection. You can change this by editing your existing server configuration on the Manage F5 BIG-IP Servers page (Configurations -> Servers) and updating the Partitions field. If you want to continue to collect data from only the Common partition, type Common in this field and click Update.

Migration guide

There is no migration path for the existing add-ons on Splunkbase to the Splunk Add-on for F5 BIG-IP.

The Splunk Add-on for F5 BIG-IP is a Splunk supported add-on for the LTM, GTM, APM, and ASM BIG-IP modules. It does not replace existing add-ons on Splunkbase that collect data from F5 devices.

You can install the Splunk Add-on for F5 BIG-IP into an existing Splunk platform deployment that has the other add-ons installed, as long as the add-ons do not share the same port or source types.

Add-on comparison
Splunk Add-on for F5 BIG-IP 2.3.0 Splunk for F5 Access Splunk for F5 Networks Splunk for F5 Security
Sourcetype See the source types topic for a full list syslog No default source type No default source type
Domain LTM, GTM, APM, ASM APM, FirePass LTM, AFM ASM, APM
Port 9514/9515 514 No default port No default port
Splunk platform version 6.2+ 4.0 to 6.0 4.0 to 6.0 4.0 to 6.0

New features

Version 2.3.0 of the Splunk Add-on for F5 BIG-IP has the following new features.

Date Issue number Description
08/27/15 ADDON-3999 Added support for gathering data from other partitions in addition to the Common partition. A new field named Partitions has been added to the Add F5 BIG-IP Server dialog where the names of the partitions from which to collect data can be specified. In addition, a new field named f5_bigip_partition_name has been included in events to indicate the partition that an event came from. Also updated the template format.

Fixed issues

Version 2.3.0 of the Splunk Add-on for F5 BIG-IP has the following fixed issues.

Date Issue number Description
08/27/15 ADDON-4866 Controls in add-on not available when using a custom Splunk path.

Known issues

Version 2.3.0 of the Splunk Add-on for F5 BIG-IP has the following reported known issues.

Date filed Issue number Description
2015-12-03 ADDON-6771 Field ssl-tpl should only calculate with type STATISTIC_SSL_FIVE_SEC_AVG_TOT_CONNS.
2015-12-02 ADDON-6745 Sum of storage_free, storage_used doesn't match storage.
2015-11-18 ADDON-6512 Need to collect AVL_STATUS FAILOVER_STATUS as 0 or 1 values instead of strings.
2015-11-18 ADDON-6510 Missing field storage_used_percent.
2015-11-18 ADDON-6495 Field mem is smaller than mem_used.
2015-11-18 ADDON-6508 Field men_used_percent gives bad values.
2015-11-10 ADDON-6382 Fields protocol_version, wait_thread_count, vip_throughput, and ssl_tps need to be collected for the load balancer module.
2015-11-10 ADDON-6380 Alias needed: mem_usage_percent to mem_used_percent.
2015-10-22 ADDON-6138 Device configuration: some logs are mis-identified as "f5:ltm:failed:irule".
2015-10-20 ADDON-6120 Add-on does not index cpu_mhz.
2015-10-13 ADDON-6042 F5 collects encrypted passwords for the Inventory data model. This supports a valid Enterprise Security use case, but if you do not want to index the encrypted value, you can add a sed script to props.conf. For more details, see Anonymize data in Getting Data In.
03/24/15 ADDON-3421 Memory usage increases for different events polled at different intervals.
01/16/15 ADDON-2773 When collecting syslog via UDP, the timestamp for the event in Splunk Enterprise does not match the timestamp for the event on an F5 server.
01/11/15 ADDON-2761 The field value of the timestamp is always "none". Workaround: use field _time instead.
01/08/15 ADDON-2860 In Splunk Web, on the Data Inputs page, the number of F5 BIG-IP inputs is always 0, even if inputs have been configured.

Third-party software attributions

Version 2.3.0 of the Splunk Add-on for F5 BIG-IP incorporates the following third-party software or libraries.

Version 2.2.0

Version 2.2.0 of the Splunk Add-on for F5 BIG-IP was compatible with the following software, CIM versions, and platforms.

Splunk platform versions 6.1 and above
CIM 4.2, 4.1
Platforms Platform independent
Vendor Products F5 BIG-IP 10.1 and above. Licensed LTM, GTM, APM, and ASM modules.

Migration Guide

There is no migration path for the existing add-ons on Splunkbase to the Splunk Add-on for F5 BIG-IP.

The Splunk Add-on for F5 BIG-IP is a Splunk supported add-on for the LTM, GTM, APM, and ASM BIG-IP modules. It does not replace existing add-ons on Splunkbase that collect data from F5 devices.

You can install the Splunk Add-on for F5 BIG-IP into an existing Splunk platform deployment that has the other add-ons installed, as long as the add-ons do not share the same port or source types.

Add-on comparison
Splunk Add-on for F5 BIG-IP 2.2.0 Splunk for F5 Access Splunk for F5 Networks Splunk for F5 Security
Sourcetype See the source types topic for a full list syslog No default source type No default source type
Domain LTM, GTM, APM, ASM APM, FirePass LTM, AFM ASM, APM
Port 9514/9515 514 No default port No default port
Splunk platform version 6.1, 6.2 4.0 to 6.0 4.0 to 6.0 4.0 to 6.0

New features

Version 2.2.0 of the Splunk Add-on for F5 BIG-IP had the following new features.

Date Issue number Description
04/17/15 ADDON-1476 Support for F5 BIG-IP Access Policy Manager (APM).

Known issues

Version 2.2.0 of the Splunk Add-on for F5 BIG-IP had the following reported known issues.

Date Issue number Description
03/24/15 ADDON-3421 Memory usage increases for different events polled at different intervals.
01/16/15 ADDON-2773 When collecting syslog via UDP, the timestamp for the event in Splunk platform does not match the timestamp for the event on an F5 server.
01/11/15 ADDON-2761 The field value of the timestamp is always "none". Workaround: use field _time instead.
01/08/15 ADDON-2860 In Splunk Web, on the Data Inputs page, the number of F5 BIG-IP inputs is always 0, even if inputs have been configured.

Third-party software attributions

Version 2.2.0 of the Splunk Add-on for F5 BIG-IP incorporates the following third-party software or libraries.

Version 2.1.0

Version 2.1.0 of the Splunk Add-on for F5 BIG-IP was compatible with the following software, CIM versions, and platforms.

Splunk platform versions 6.1 and above
CIM 4.2, 4.1
Platforms Platform independent
Vendor Products F5 BIG-IP 10.1 and above. Licensed LTM, GTM, and ASM modules.

Migration Guide

There is no migration path for the existing add-ons on Splunkbase to the Splunk Add-on for F5 BIG-IP.

The Splunk Add-on for F5 BIG-IP is a Splunk supported add-on for the LTM, GTM, and ASM BIG-IP modules. It does not replace existing add-ons on Splunkbase that collect data from F5 devices.

You can install the Splunk Add-on for F5 BIG-IP into an existing Splunk platform deployment that has the other add-ons installed, as long as the add-ons do not share the same port or source types.

Add-on comparison
Splunk Add-on for F5 BIG-IP 2.0.0 Splunk for F5 Access Splunk for F5 Networks Splunk for F5 Security
Sourcetype See the source types topic for a full list syslog No default source type No default source type
Domain LTM, GTM, ASM APM, FirePass LTM, AFM ASM, APM
Port 9514/9515 514 No default port No default port
Splunk platform version 6.1, 6.2 4.0 to 6.0 4.0 to 6.0 4.0 to 6.0

New features

Version 2.1.0 of the Splunk Add-on for F5 BIG-IP had the following new features.

Date Issue number Description
03/18/15 ADDON-331 Support for F5 BIG-IP Application Security Manager (ASM).
03/25/15 ADDON-3463 Source types renamed to follow best practices. Backwards compatible with previous naming.

Known issues

Version 2.1.0 of the Splunk Add-on for F5 BIG-IP had the following reported known issues.

Date Issue number Description
03/24/15 ADDON-3421 Memory usage increases for different events polled at different intervals.
01/16/15 ADDON-2773 When collecting syslog via UDP, the timestamp for the event in Splunk platform does not match the timestamp for the event on an F5 server.
01/11/15 ADDON-2761 The field value of the timestamp is always "none". Workaround: use field _time instead.
01/08/15 ADDON-2860 In Splunk Web, on the Data Inputs page, the number of F5 BIG-IP inputs is always 0, even if inputs have been configured.

Third-party software attributions

Version 2.1.0 of the Splunk Add-on for F5 BIG-IP incorporates the following third-party software or libraries.


Version 2.0.0

Version 2.0.0 of the Splunk Add-on for F5 BIG-IP was compatible with the following software, CIM versions, and platforms.

Splunk platform versions 6.1 and above
CIM 4.1
Platforms Platform independent
Vendor Products F5 BIG-IP 10.1 and above. Licensed LTM and GTM modules.

Migration Guide

There is no migration path for the existing add-ons on Splunkbase to the Splunk Add-on for F5 BIG-IP.

The Splunk Add-on for F5 BIG-IP is a new Splunk supported add-on for the LTM and GTM BIG-IP modules. It does not replace existing add-ons on Splunkbase that collect data from F5 devices.

You can install the Splunk Add-on for F5 BIG-IP into an existing Splunk platform deployment that has the other add-ons installed, so long as the add-ons do not share the same port or source types.

Add-on comparison
Splunk Add-on for F5 BIG-IP 2.0.0 Splunk for F5 Access Splunk for F5 Networks Splunk for F5 Security
Sourcetype f5_bigip:icontrol*, f5_bigip:irule*, f5_bigip:syslog syslog No default source type No default source type
Domain LTM, GTM APM, FirePass LTM, AFM ASM, APM
Port 9514 514 No default port No default port
Splunk platform version 6.1, 6.2 4.0 to 6.0 4.0 to 6.0 4.0 to 6.0

New features

Version 2.0.0 of the Splunk Add-on for F5 BIG-IP had the following new features.

Date Issue number Description
12/28/14 ADDON-467 Splunk-supported add-on providing CIM-compatible inputs for LTM and GTM technologies.

Known issues

Version 2.0.0 of the Splunk Add-on for F5 BIG-IP had the following reported known issues.

Date Issue number Description
03/24/15 ADDON-3421 Memory usage increases for different events polled at different intervals.
01/16/15 ADDON-2773 When collecting syslog via UDP, the timestamp for the event in Splunk platform does not match the timestamp for the event on an F5 server.
01/11/15 ADDON-2761 The field value of the timestamp is always "none". Workaround: use field _time instead.
01/08/15 ADDON-2860 In Splunk Web, on the Data Inputs page, the number of F5 BIG-IP inputs is always 0, even if inputs have been configured.

Third-party software attributions

Version 2.0.0 of the Splunk Add-on for F5 BIG-IP incorporates the following third-party software or libraries.

Last modified on 19 December, 2023
PREVIOUS
Release notes for the Splunk Add-on for F5 BIG-IP
 

This documentation applies to the following versions of Splunk® Supported Add-ons: released


Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters