Release history for the Splunk Add-on for F5 BIG-IP
Latest release
The latest release of the Splunk Add-on for F5 BIG-IP is version 6.2.1. See Release notes for the Splunk Add-on for F5 Big-IP for the release notes of this latest version.
Version 6.2.1
Version 6.2.1 of the Splunk Add-on for F5 BIG-IP was released on December 12, 2023.
Compatibility
Version 6.2.1 of the Splunk Add-on for F5 BIG-IP is compatible with the following software, CIM versions, and platforms.
| Splunk platform versions | 8.2.x, 9.0.x, 9.1.x |
| CIM | 5.2.0 |
| Platforms | Platform independent |
| Vendor Products | F5 BIG-IP F5 BIG-IP 11.6.5 - 17.1.0 Licensed LTM, DNS (GTM), APM, AFM, and ASM modules. |
New Features
- Fixed the security vulnerabilities found in the urllib3 library by upgrading the version from 1.26.13 to 1.26.18.
- Fixed an issue in updating the running inputs that were not modifiable by users post-Splunk restart.
Fixed issues
Version 6.2.1 of the Splunk Add-on for F5 BIG-IP has the following fixed issues:
Known issues
Version 6.2.1 of the Splunk Add-on for F5 BIG-IP has the following reported known issues. If no issues appear below, no issues have yet been reported:
Third-party software attributions
Some of the components included in this add-on are licensed under free or open source licenses. We wish to thank the contributors to those projects.
A complete listing of third-party software information for this add-on is available as a PDF file for download:
Splunk Add-on for F5 BIG-IP third-party software credits.
Version 6.2.0
Version 6.2.0 of the Splunk Add-on for F5 BIG-IP was released on September 28, 2023.
Compatibility
Version 6.2.0 of the Splunk Add-on for F5 BIG-IP is compatible with the following software, CIM versions, and platforms.
| Splunk platform versions | 8.2.x, 9.0.x, 9.1.x |
| CIM | 5.2.0 |
| Platforms | Platform independent |
| Vendor Products | F5 BIG-IP F5 BIG-IP 11.6.5 - 17.1.0 Licensed LTM, DNS (GTM), APM, AFM, and ASM modules. |
New Features
- Added support of the F5 BIG-IP product v17.1.0
- CIM field enhancements for these sourcetypes:
f5:bigip:syslog- "Connection error" related events having source and destination address are mapped with Network Traffic CIM data modelf5:bigip:apm:syslog- "Assigned PPP", "allow ACL", "reject ACL" type of events are mapped to Network Traffic CIM data modelf5:bigip:apm:syslog- "New session from client IP" type of events are mapped to Network Session CIM data modelf5:bigip:gtm:dns:request:irule- events falling under this sourcetypes are mapped with Network Resolution DNS CIM data modelf5:bigip:ltm:ssl:error- "SSL Handshake Failed" type of events will be mapped under this sourcetype instead off5:bigip:syslogand it will be mapped to Network Traffic CIM data model
- Logger enhancements - There will be a separate log file for each of the inputs configured in the add-on and the naming convention will be
splunk_ta_f5_bigip_input-<input_name>.log
It is recommended that the user first disables all the inputs, and then upgrades to the latest version of the add-on, so that it does not lead to any discrepancies in the logs of the input
Fixed issues
Version 6.2.0 of the Splunk Add-on for F5 BIG-IP has the following fixed issues:
Known issues
Version 6.2.0 of the Splunk Add-on for F5 BIG-IP has the following reported known issues. If no issues appear below, no issues have yet been reported:
Third-party software attributions
Some of the components included in this add-on are licensed under free or open source licenses. We wish to thank the contributors to those projects.
A complete listing of third-party software information for this add-on is available as a PDF file for download:
Splunk Add-on for F5 BIG-IP third-party software credits.
Version 6.1.1
Version 6.1.1 of the Splunk Add-on for F5 BIG-IP was released on March 6, 2023.
Compatibility
Version 6.1.1 of the Splunk Add-on for F5 BIG-IP is compatible with the following software, CIM versions, and platforms.
| Splunk platform versions | 8.1.x, 8.2.x, 9.0.x |
| CIM | 5.0.2 |
| Platforms | Platform independent |
| Vendor Products | F5 BIG-IP F5 BIG-IP 11.6.5 - 17.0.0 Licensed LTM, DNS (GTM), APM, AFM, and ASM modules. |
New Features
- Fixed a security vulnerability found in the certifi library.
Fixed issues
Version 6.1.1 of the Splunk Add-on for F5 BIG-IP has the following fixed issues:
Known issues
Version 6.1.1 of the Splunk Add-on for F5 BIG-IP has the following reported known issues. If no issues appear below, no issues have yet been reported:
Third-party software attributions
Some of the components included in this add-on are licensed under free or open source licenses. We wish to thank the contributors to those projects.
A complete listing of third-party software information for this add-on is available as a PDF file for download:
Splunk Add-on for F5 BIG-IP third-party software credits.
Version 6.0.0
Version 6.0.0 of the Splunk Add-on for F5 BIG-IP was released on Mar 7, 2022.
Compatibility
Version 6.0.0 of the Splunk Add-on for F5 BIG-IP is compatible with the following software, CIM versions, and platforms.
| Splunk platform versions | 8.1.x, 8.2.x |
| CIM | 5.0.0 |
| Platforms | Platform independent |
| Vendor Products | F5 BIG-IP F5 BIG-IP 11.6.5 - 16.1.0 Licensed LTM, DNS (GTM), APM, AFM, and ASM modules. |
New Features
- Migrated the data collection from the SOAP API to Telemetry Streaming. Users will have to reconfigure the Accounts, Templates and Inputs to start the data collection using Telemetry Streaming.
- Added support for the AFM module for Telemetry Streaming.
- Added the Intrusion Detection Data Model for ASM module events.
- The events for the
f5:bigip:gtm:dns:response:irulesource type will be mapped to the Network DNS Resolution Data Model. - Removed the support for partitions from the Server Configuration.
- The data collected using the SOAP API will be parsable and searchable, but the user will no longer be able to collect the data using the SOAP API.
Upgrade Guide
The Splunk add-on for F5 BigIP version 6.0.0 collects the data using Telemetry Streaming. If you configured any custom template to collect the data from the SOAP API, you will need to locate the REST API replacement for that SOAP API, to perform the data collection using the new version of this add-on. For more information, see Create New Templates.
- You will need to reconfigure the inputs to start the data collection. For more information on creating inputs for this add-on, see Create Inputs.
Migration from other add-ons
There is no migration path for the other add-ons on Splunkbase to the Splunk Add-on for F5 BIG-IP.
The Splunk Add-on for F5 BIG-IP is a Splunk supported add-on for the LTM, GTM, APM, and ASM BIG-IP modules. It does not replace existing add-ons on Splunkbase that collect data from F5 devices.
You can install the Splunk Add-on for F5 BIG-IP into an existing Splunk platform deployment that has the other add-ons installed, as long as the add-ons do not share the same port or source types.
| Splunk Add-on for F5 BIG-IP 5.1.0 | Splunk for F5 Access | Splunk for F5 Networks | Splunk for F5 Security | |
|---|---|---|---|---|
| Sourcetype | See the source types topic for a full list | syslog | No default source type | No default source type |
| Domain | LTM, GTM, APM, ASM | APM, FirePass | LTM, AFM | ASM, APM |
| Port | 9514/9515 | 514 | No default port | No default port |
| Splunk platform version | 8.0+ | 4.0 to 6.0 | 4.0 to 6.0 | 4.0 to 6.0 |
Fixed issues
Version 6.0.0 of the Splunk Add-on for F5 BIG-IP has the following fixed issues:
Known issues
Version 6.0.0 of the Splunk Add-on for F5 BIG-IP has the following reported known issues. If no issues appear below, no issues have yet been reported:
| Date filed | Issue number | Description |
|---|---|---|
| 2022-10-27 | ADDON-57007 | Password with special characters not working in configuration |
Third-party software attributions
Some of the components included in this add-on are licensed under free or open source licenses. We wish to thank the contributors to those projects.
A complete listing of third-party software information for this add-on is available as a PDF file for download:
Splunk Add-on for F5 BIG-IP third-party software credits.
Version 5.1.0
Version 5.1.0 of the Splunk Add-on for F5 BIG-IP was released on July 12, 2021.
Compatibility
Version 5.1.0 of the Splunk Add-on for F5 BIG-IP is compatible with the following software, CIM versions, and platforms.
| Splunk platform versions | 8.0.x, 8.1.x, 8.2.x |
| CIM | 4.18.1 |
| Platforms | Platform independent |
| Vendor Products | F5 BIG-IP F5 BIG-IP 11.6.5 - 15.1.0 Licensed LTM, DNS (GTM), APM, and ASM modules. |
New Features
- Fast and intuitive UI with a better look and feel.
- Provides critical security fix by removing jquery2.
- Removal of python2 support. Only python3 is supported from now on.
- Fixed issue where a server error stopped data collection.
Upgrade guide
If you are upgrading from the Splunk Add-on for F5 BIG-IP 2.2.0 or earlier to the Splunk Add-on for F5 BIG-IP 2.3.0 or later, note that version 2.2.0 and earlier collected data from the Common partition only. After you upgrade to version 3.0.0 or later, data is collected by default from all of the partitions on the F5 BIG-IP servers that are configured for data collection. You can change this by editing your existing server configuration on the Manage F5 Servers page (Configuration > Server) and updating the Partitions field. If you want to continue to collect data from only the Common partition, type Common in this field and click Update.
Migration from other add-ons
There is no migration path for the other add-ons on Splunkbase to the Splunk Add-on for F5 BIG-IP.
The Splunk Add-on for F5 BIG-IP is a Splunk supported add-on for the LTM, GTM, APM, and ASM BIG-IP modules. It does not replace existing add-ons on Splunkbase that collect data from F5 devices.
You can install the Splunk Add-on for F5 BIG-IP into an existing Splunk platform deployment that has the other add-ons installed, as long as the add-ons do not share the same port or source types.
| Splunk Add-on for F5 BIG-IP 5.1.0 | Splunk for F5 Access | Splunk for F5 Networks | Splunk for F5 Security | |
|---|---|---|---|---|
| Sourcetype | See the source types topic for a full list | syslog | No default source type | No default source type |
| Domain | LTM, GTM, APM, ASM | APM, FirePass | LTM, AFM | ASM, APM |
| Port | 9514/9515 | 514 | No default port | No default port |
| Splunk platform version | 8.0+ | 4.0 to 6.0 | 4.0 to 6.0 | 4.0 to 6.0 |
Fixed issues
Version 5.1.0 of the Splunk Add-on for F5 BIG-IP has the following fixed issues:
| Date resolved | Issue number | Description |
|---|---|---|
| 2021-07-12 | ADDON-37358 | F5 BigIP addon stops ingestion every 4 hours |
| 2021-07-12 | ADDON-27390 | Splunk freezes each time Addon's error happens, requiring "manual" intervention to restart Splunk - this will resolve the issue |
Known issues
Version 5.1.0 of the Splunk Add-on for F5 BIG-IP has the following reported known issues. If no issues appear below, no issues have yet been reported:
Third-party software attributions
Version 5.1.0 of the Splunk Add-on for F5 BIG-IP incorporates the following third-party software or libraries.
Version 5.0.0
Version 5.0.0 of the Splunk Add-on for F5 BIG-IP was released on March 18, 2021.
Compatibility
Version 5.0.0 of the Splunk Add-on for F5 BIG-IP is compatible with the following software, CIM versions, and platforms.
| Splunk platform versions | 7.3.x, 8.0.x, 8.1.x |
| CIM | 4.18.1 |
| Platforms | Platform independent |
| Vendor Products | F5 BIG-IP F5 BIG-IP 11.6.5 - 15.1.0 Licensed LTM, DNS (GTM), APM, and ASM modules. |
New Features
- The UI of the AddOn has been migrated to the UCC framework.
- The user will now be able to configure logging from the UI.
- The passwords, templates, servers and tasks configured by the existing users will be automatically migrated to the latest version of the AddOn.
- The data from the f5_bigip_tasks.conf, f5_bigip_templates.conf and f5_bigip_servers.conf files will be migrated to inputs.conf, f5_templates.conf, f5_servers.conf files respectively.
- For migrating the stanzas from the f5_bigip_tasks.conf, f5_bigip_servers.conf, f5_bigip_templates.conf files, the data in these files will remain intact. The data from these conf files will be migrated to the new conf files and these files will be referred for data collection.
- Support for Destination App for servers, templates, and inputs has been removed from the latest version of the AddOn.
- For each input, separate process will be spawn, hence the CPU Utilization will be improved
Additional Release Notes
- The data collection logs will be logged under Splunk_TA_f5_bigip_main.log file. The user can find the log file under
$SPLUNK_HOME$/var/log/splunk - The logs for the migration scripts like migrate_existing_inputs, migrate_existing_passwords, migrate_existing_templates will be logged under migrate_existing_inputs.log, migrate_existing_passwords.log, migrate_existing_templates.log respectively. The user can find the log files under
$SPLUNK_HOME$/var/log/splunk
Upgrade guide
If you are upgrading from the Splunk Add-on for F5 BIG-IP 2.2.0 or earlier to the Splunk Add-on for F5 BIG-IP 2.3.0 or later, note that version 2.2.0 and earlier collected data from the Common partition only. After you upgrade to version 3.0.0 or later, data is collected by default from all of the partitions on the F5 BIG-IP servers that are configured for data collection. You can change this by editing your existing server configuration on the Manage F5 Servers page (Configuration > Server) and updating the Partitions field. If you want to continue to collect data from only the Common partition, type Common in this field and click Update.
Migration from other add-ons
There is no migration path for the other add-ons on Splunkbase to the Splunk Add-on for F5 BIG-IP.
The Splunk Add-on for F5 BIG-IP is a Splunk supported add-on for the LTM, GTM, APM, and ASM BIG-IP modules. It does not replace existing add-ons on Splunkbase that collect data from F5 devices.
You can install the Splunk Add-on for F5 BIG-IP into an existing Splunk platform deployment that has the other add-ons installed, as long as the add-ons do not share the same port or source types.
| Splunk Add-on for F5 BIG-IP 5.0.0 | Splunk for F5 Access | Splunk for F5 Networks | Splunk for F5 Security | |
|---|---|---|---|---|
| Sourcetype | See the source types topic for a full list | syslog | No default source type | No default source type |
| Domain | LTM, GTM, APM, ASM | APM, FirePass | LTM, AFM | ASM, APM |
| Port | 9514/9515 | 514 | No default port | No default port |
| Splunk platform version | 7.3+ | 4.0 to 6.0 | 4.0 to 6.0 | 4.0 to 6.0 |
Fixed issues
Version 5.0.0 of the Splunk Add-on for F5 BIG-IP has the following fixed issues:
Known issues
Version 5.0.0 of the Splunk Add-on for F5 BIG-IP has the following reported known issues. If no issues appear below, no issues have yet been reported:
Third-party software attributions
Version 4.0.1 of the Splunk Add-on for F5 BIG-IP incorporates the following third-party software or libraries.
Version 4.0.1
Version 4.0.1 of the Splunk Add-on for F5 BIG-IP was released on October 13, 2020.
Compatibility
Version 4.0.1 of the Splunk Add-on for F5 BIG-IP is compatible with the following software, CIM versions, and platforms.
| Splunk platform versions | 7.2.x, 7.3.x, 8.0.x |
| CIM | 4.17 |
| Platforms | Platform independent |
| Vendor Products | F5 BIG-IP F5 BIG-IP 11.6.5 - 15.1.0 Licensed LTM, DNS (GTM), APM, and ASM modules. |
New Features
- Migrated for the new data collection mechanism for Telemetry streaming available for F5 BIG-IP version 13.1 and later.
- Added support for the new AVR event type.
- Improved support for Splunk Connect for Syslog.
Upgrade guide
If you are upgrading from the Splunk Add-on for F5 BIG-IP 2.2.0 or earlier to the Splunk Add-on for F5 BIG-IP 2.3.0 or later, note that version 2.2.0 and earlier collected data from the Common partition only. After you upgrade to version 3.0.0 or later, data is collected by default from all of the partitions on the F5 BIG-IP servers that are configured for data collection. You can change this by editing your existing server configuration on the Manage F5 BIG-IP Servers page (Configurations > Servers) and updating the Partitions field. If you want to continue to collect data from only the Common partition, type Common in this field and click Update.
Migration from other add-ons
There is no migration path for the other add-ons on Splunkbase to the Splunk Add-on for F5 BIG-IP.
The Splunk Add-on for F5 BIG-IP is a Splunk supported add-on for the LTM, GTM, APM, and ASM BIG-IP modules. It does not replace existing add-ons on Splunkbase that collect data from F5 devices.
You can install the Splunk Add-on for F5 BIG-IP into an existing Splunk platform deployment that has the other add-ons installed, as long as the add-ons do not share the same port or source types.
| Splunk Add-on for F5 BIG-IP 4.0.1 | Splunk for F5 Access | Splunk for F5 Networks | Splunk for F5 Security | |
|---|---|---|---|---|
| Sourcetype | See the source types topic for a full list | syslog | No default source type | No default source type |
| Domain | LTM, GTM, APM, ASM | APM, FirePass | LTM, AFM | ASM, APM |
| Port | 9514/9515 | 514 | No default port | No default port |
| Splunk platform version | 7.2+ | 4.0 to 6.0 | 4.0 to 6.0 | 4.0 to 6.0 |
Fixed issues
Version 4.0.1 of the Splunk Add-on for F5 BIG-IP has the following fixed issues:
| Date resolved | Issue number | Description |
|---|---|---|
| 2020-09-01 | ADDON-26915 | F5 BIG-IP add-on supported version |
| 2020-05-25 | ADDON-26789 | Manage Servers button not available when using Splunk versions prior to 7.2.8 |
Known issues
Version 4.0.1 of the Splunk Add-on for F5 BIG-IP has the following reported known issues. If no issues appear below, no issues have yet been reported:
Third-party software attributions
Version 4.0.1 of the Splunk Add-on for F5 BIG-IP incorporates the following third-party software or libraries.
Release notes for the Splunk Add-on for F5 BIG-IP Version 3.1.0.
Version 3.1.0 of the Splunk Add-on for F5 BIG-IP was released on April 16, 2020.
Compatibility
Version 3.1.0 of the Splunk Add-on for F5 BIG-IP is compatible with the following software, CIM versions, and platforms.
| Splunk platform versions | 7.2.x, 7.3.x, 8.0.x |
| CIM | 4.15 |
| Platforms | Platform independent |
| Vendor Products | F5 BIG-IP F5 BIG-IP 10.1 - 15.1.0 Licensed LTM, DNS (GTM), APM, and ASM modules. |
New Features
- Support for Python 3 by default
- FIPS Certification
- Support through v15.1.0 of F5 BIG-IP
Upgrade guide
If you are upgrading from the Splunk Add-on for F5 BIG-IP 2.2.0 or earlier to the Splunk Add-on for F5 BIG-IP 2.3.0 or later, note that version 2.2.0 and earlier collected data from the Common partition only. After you upgrade to version 3.0.0 or later, data is collected by default from all of the partitions on the F5 BIG-IP servers that are configured for data collection. You can change this by editing your existing server configuration on the Manage F5 BIG-IP Servers page (Configurations > Servers) and updating the Partitions field. If you want to continue to collect data from only the Common partition, type Common in this field and click Update.
Migration from other add-ons
There is no migration path for the other add-ons on Splunkbase to the Splunk Add-on for F5 BIG-IP.
The Splunk Add-on for F5 BIG-IP is a Splunk supported add-on for the LTM, GTM, APM, and ASM BIG-IP modules. It does not replace existing add-ons on Splunkbase that collect data from F5 devices.
You can install the Splunk Add-on for F5 BIG-IP into an existing Splunk platform deployment that has the other add-ons installed, as long as the add-ons do not share the same port or source types.
| Splunk Add-on for F5 BIG-IP 3.1.0 | Splunk for F5 Access | Splunk for F5 Networks | Splunk for F5 Security | |
|---|---|---|---|---|
| Sourcetype | See the source types topic for a full list | syslog | No default source type | No default source type |
| Domain | LTM, GTM, APM, ASM | APM, FirePass | LTM, AFM | ASM, APM |
| Port | 9514/9515 | 514 | No default port | No default port |
| Splunk platform version | 7.2+ | 4.0 to 6.0 | 4.0 to 6.0 | 4.0 to 6.0 |
Fixed issues
Version 3.1.0 of the Splunk Add-on for F5 BIG-IP has the following fixed issues:
Known issues
Version 3.1.0 of the Splunk Add-on for F5 BIG-IP has the following reported known issues. If no issues appear below, no issues have yet been reported:
| Date filed | Issue number | Description |
|---|---|---|
| 2020-06-26 | ADDON-27390 | Splunk freezes each time Addon's error happens, requiring "manual" intervention to restart Splunk - this will resolve the issue |
| 2020-06-02 | ADDON-26915 | F5 BIG-IP add-on supported version |
| 2020-05-19 | ADDON-26789 | Manage Servers button not available when using Splunk versions prior to 7.2.8 |
Third-party software attributions
Version 3.1.0 of the Splunk Add-on for F5 BIG-IP incorporates the following third-party software or libraries.
Version 3.0.0
Version 3.0.0 of the Splunk Add-on for F5 BIG-IP was released on October 21, 2019.
Compatibility
Version 3.0.0 of the Splunk Add-on for F5 BIG-IP is compatible with the following software, CIM versions, and platforms.
| Splunk platform versions | 7.0.x, 7.1.x, 7.2.x, 7.3.x, 8.0.x |
| CIM | 4.12 |
| Platforms | Platform independent |
| Vendor Products | F5 BIG-IP 10.1 - 12.X. Licensed LTM, DNS (GTM), APM, and ASM modules. |
Versions 2.7.0 and earlier of the Splunk Add-on for F5 BIG-IP are incompatible with versions 8.0 and later of the Splunk platform.
Upgrade guide
If you are upgrading from the Splunk Add-on for F5 BIG-IP 2.2.0 or earlier to the Splunk Add-on for F5 BIG-IP 2.3.0 or later, note that version 2.2.0 and earlier collected data from the Common partition only. After you upgrade to version 3.0.0, by default data will be collected from all of the partitions on the F5 BIG-IP servers that are configured for data collection. You can change this by editing your existing server configuration on the Manage F5 BIG-IP Servers page (Configurations > Servers) and updating the Partitions field. If you want to continue to collect data from only the Common partition, type Common in this field and click Update.
Migration from other add-ons
There is no migration path for the other add-ons on Splunkbase to the Splunk Add-on for F5 BIG-IP.
The Splunk Add-on for F5 BIG-IP is a Splunk supported add-on for the LTM, GTM, APM, and ASM BIG-IP modules. It does not replace existing add-ons on Splunkbase that collect data from F5 devices.
You can install the Splunk Add-on for F5 BIG-IP into an existing Splunk platform deployment that has the other add-ons installed, as long as the add-ons do not share the same port or source types.
| Splunk Add-on for F5 BIG-IP 3.0.0 | Splunk for F5 Access | Splunk for F5 Networks | Splunk for F5 Security | |
|---|---|---|---|---|
| Sourcetype | See the source types topic for a full list | syslog | No default source type | No default source type |
| Domain | LTM, GTM, APM, ASM | APM, FirePass | LTM, AFM | ASM, APM |
| Port | 9514/9515 | 514 | No default port | No default port |
| Splunk platform version | 6.5+ | 4.0 to 6.0 | 4.0 to 6.0 | 4.0 to 6.0 |
Fixed issues
Version 3.0.0 of the Splunk Add-on for F5 BIG-IP has the following fixed issues:
Known issues
Version 3.0.0 of the Splunk Add-on for F5 BIG-IP has the following reported known issues. If no issues appear below, no issues have yet been reported:
Third-party software attributions
Version 3.0.0 of the Splunk Add-on for F5 BIG-IP incorporates the following third-party software or libraries.
Version 2.7.0
Version 2.7.0 of the Splunk Add-on for F5 BIG-IP was released on April 17, 2019.
Compatibility
Version 2.7.0 of the Splunk Add-on for F5 BIG-IP is compatible with the following software, CIM versions, and platforms.
| Splunk platform versions | 6.6.x, 7.0.x, 7.1.x, 7.2.x, 7.3.x |
| CIM | 4.12 |
| Platforms | Platform independent |
| Vendor Products | F5 BIG-IP 10.1 - 12.X. Licensed LTM, DNS (GTM), APM, and ASM modules. |
Upgrade guide
If you are upgrading from the Splunk Add-on for F5 BIG-IP 2.2.0 or earlier to the Splunk Add-on for F5 BIG-IP 2.3.0 or later, note that version 2.2.0 and earlier collected data from the Common partition only. After you upgrade to version 2.7.0, by default data will be collected from all of the partitions on the F5 BIG-IP servers that are configured for data collection. You can change this by editing your existing server configuration on the Manage F5 BIG-IP Servers page (Configurations > Servers) and updating the Partitions field. If you want to continue to collect data from only the Common partition, type Common in this field and click Update.
Migration from other add-ons
There is no migration path for the other add-ons on Splunkbase to the Splunk Add-on for F5 BIG-IP.
The Splunk Add-on for F5 BIG-IP is a Splunk supported add-on for the LTM, GTM, APM, and ASM BIG-IP modules. It does not replace existing add-ons on Splunkbase that collect data from F5 devices.
You can install the Splunk Add-on for F5 BIG-IP into an existing Splunk platform deployment that has the other add-ons installed, as long as the add-ons do not share the same port or source types.
| Splunk Add-on for F5 BIG-IP 2.7.0 | Splunk for F5 Access | Splunk for F5 Networks | Splunk for F5 Security | |
|---|---|---|---|---|
| Sourcetype | See the source types topic for a full list | syslog | No default source type | No default source type |
| Domain | LTM, GTM, APM, ASM | APM, FirePass | LTM, AFM | ASM, APM |
| Port | 9514/9515 | 514 | No default port | No default port |
| Splunk platform version | 6.5+ | 4.0 to 6.0 | 4.0 to 6.0 | 4.0 to 6.0 |
Fixed issues
Version 2.7.0 of the Splunk Add-on for F5 BIG-IP has the following fixed issues:
| Date resolved | Issue number | Description |
|---|---|---|
| 2019-03-04 | ADDON-21320 | JavaScript alerts don't show the actual error message |
| 2019-02-10 | ADDON-19342 | Receiving error of Invalid key in stanza from default/log_info.conf |
| 2019-02-06 | ADDON-21018 | Invalid field extractions in Sourcetype=f5:bigip:ltm:locallb:icontrol and Sourcetype=f5:bigip:apm:syslog |
Known issues
Version 2.7.0 of the Splunk Add-on for F5 BIG-IP has the following reported known issues. If no issues appear below, no issues have yet been reported:
Third-party software attributions
Version 2.7.0 of the Splunk Add-on for F5 BIG-IP incorporates the following third-party software or libraries.
Version 2.6.0
Version 2.6.0 of the Splunk Add-on for F5 BIG-IP is compatible with the following software, CIM versions, and platforms.
| Splunk platform versions | 6.6.x, 7.0.x, 7.1.x, 7.2.3 |
| CIM | 4.12 |
| Platforms | Platform independent |
| Vendor Products | F5 BIG-IP 10.1 - 12.X. Licensed LTM, DNS (GTM), APM, and ASM modules. |
Upgrade guide
If you are upgrading from the Splunk Add-on for F5 BIG-IP 2.2.0 or earlier to the Splunk Add-on for F5 BIG-IP 2.3.0 or later, note that version 2.2.0 and earlier collected data from the Common partition only. After you upgrade to version 2.6.0, by default data will be collected from all of the partitions on the F5 BIG-IP servers that are configured for data collection. You can change this by editing your existing server configuration on the Manage F5 BIG-IP Servers page (Configurations > Servers) and updating the Partitions field. If you want to continue to collect data from only the Common partition, type Common in this field and click Update.
Migration from other add-ons
There is no migration path for the other add-ons on Splunkbase to the Splunk Add-on for F5 BIG-IP.
The Splunk Add-on for F5 BIG-IP is a Splunk supported add-on for the LTM, GTM, APM, and ASM BIG-IP modules. It does not replace existing add-ons on Splunkbase that collect data from F5 devices.
You can install the Splunk Add-on for F5 BIG-IP into an existing Splunk platform deployment that has the other add-ons installed, as long as the add-ons do not share the same port or source types.
| Splunk Add-on for F5 BIG-IP 2.6.0 | Splunk for F5 Access | Splunk for F5 Networks | Splunk for F5 Security | |
|---|---|---|---|---|
| Sourcetype | See the source types topic for a full list | syslog | No default source type | No default source type |
| Domain | LTM, GTM, APM, ASM | APM, FirePass | LTM, AFM | ASM, APM |
| Port | 9514/9515 | 514 | No default port | No default port |
| Splunk platform version | 6.5+ | 4.0 to 6.0 | 4.0 to 6.0 | 4.0 to 6.0 |
New features
Version 2.6.0 of the Splunk Add-on for F5 BIG-IP has the following new features.
- Version 2.6.0 adds support for Splunk Enterprise 7.0
Fixed issues
Version 2.6.0 of the Splunk Add-on for F5 BIG-IP has the following fixed issues.
| Date resolved | Issue number | Description |
|---|---|---|
| 2018-03-20 | ADDON-14536 | Add-on for F5 BIG-IP search tag=web is returning a warning message: "The term '": * acl:"' contains a wildcard in the middle of a word or string. This might cause inconsistent results if the characters that the wildcard represents include punctuation." |
| 2018-03-20 | ADDON-16873 | DNS responses being split into multiple events when ingested via Splunk Add-on for F5 BIG-IP |
| 2018-03-11 | ADDON-9156 | F5BigIPWorker class at line 169 when calculating the current timestamp the result is one hour off when DST is active |
Known issues
Version 2.6.0 of the Splunk Add-on for F5 BIG-IP has the following reported known issues.
| Date filed | Issue number | Description |
|---|---|---|
| 2019-03-12 | ADDON-21486 | F5 add-on uses makes incorrect use of malware and ids tags |
| 2019-02-13 | ADDON-21320 | JavaScript alerts don't show the actual error message |
| 2019-01-23 | ADDON-21018 | Invalid field extractions in Sourcetype=f5:bigip:ltm:locallb:icontrol and Sourcetype=f5:bigip:apm:syslog |
| 2018-09-07 | ADDON-19342 | Receiving error of Invalid key in stanza from default/log_info.conf |
| 2016-05-18 | ADDON-9539 | ophan process in modular input when splunkd is down |
| 2016-04-27 | ADDON-9115 | Not all message name is added into predefined storage format due to storage format length limitation |
| 2015-10-13 | ADDON-6042 | TA collects passwords |
| 2015-03-22 | ADDON-3421 | Different intervals in different events would result to times of increase on memory |
| 2015-01-04 | ADDON-2860 | The inputs count is always 0. |
| 2014-12-22 | ADDON-2773 | The field _time for syslog has some delay than that on F5 server. |
| 2014-12-19 | ADDON-2761 | Field value of timestamp is always "none" |
Third-party software attributions
Version 2.6.0 of the Splunk Add-on for F5 BIG-IP incorporates the following third-party software or libraries.
Version 2.5.0
About this release
Version 2.5.0 of the Splunk Add-on for F5 BIG-IP is compatible with the following software, CIM versions, and platforms.
| Splunk platform versions | 6.3 and above |
| CIM | 4.3 and above |
| Platforms | Platform independent |
| Vendor Products | F5 BIG-IP 10.1 - 12.0. Licensed LTM, DNS (GTM), APM, and ASM modules. |
New features
Version 2.5.0 of the Splunk Add-on for F5 BIG-IP has the following new features.
| Date | Issue number | Description |
|---|---|---|
| 04-08-2016 | ADDON-8640 | Support F5 BIGIP version 12.0.0. |
| 04-16-2016 | ADDON-7769 /ADDON-8784 | Add new ITSI Load Balancer data model fields to the add-on. |
| 04-06-2016 | ADDON-8421 /ADDON-8641 | Update event types, tags, and fields for latest ITSI Load Balancer module. |
| 04-08-2016 | ADDON-8643 | Support APM syslog from channels other than F5 syslog server, such as through file monitoring and third-party systems. |
| 04-28-2016 | ADDON-9088 | Update templates to support latest iControl API for F5 BIGIP v12.0.0. |
Fixed issues
Version 2.5.0 of the Splunk Add-on for F5 BIG-IP has the following fixed issues.
| Date | Issue number | Description |
|---|---|---|
| 2016-05-19 | ADDON-9548 | "get_location" listed twice under Management.Device in prebuilt Standard_Management template. |
| 2016-05-16 | ADDON-9183 | "get_description" listed twice under Management.Device in prebuilt Standard_Management template. |
| 2016-05-16 | ADDON-9319 | f5_bigip-icontrol is defined in props.conf but not defined in transforms.conf stanza. Remove f5_bigip-icontrol from props.conf. |
| 2016-05-16 | ADDON-9171 | In events from the modular input, the host value of the event is set as the Splunk instance IP address instead of the F5 server IP address. The host field value of an event should be the name of the physical device from which the event originates. |
| 2016-05-16 | ADDON-9116 | Audit events misidentified as Malware/IDS attack. Set sourcetype to "f5:bigip:syslog" for new events of Audit ASM log. |
| 2016-04-28 | ADDON-9084 | Error message in log when connect to F5 12.0: Exception (it may be caused by unreachable F5 server "10.66.131.217" or wrong iControl API "GlobalLB.WideIP.get_wideip" in configured template). |
| 2016-04-26 | ADDON-9068 | f5_bigip_service field should be divided into "service" and "pid" for the source type "f5:bigip:apm:syslog". |
| 2016-04-25 | ADDON-9010 | "dest_ip" and "src_ip" in eventtype f5_bigip_apm_acl_applied_result is not available. |
| 2016-04-16 | ADDON-8589 | UI cannot show when using base URL via reverse proxy. |
| 2016-04-12 | ADDON-7401 | BigIP 12.0.0 compatibility fix: a new field named "partition" has been added for F5 BIGIP v12.0.0 APM for which the source type is "f5:bigip:apm:syslog". |
| 2016-03-25 | ADDON-7299 | Extractions based on two timestamps instead of one. |
| 2016-03-01 | ADDON-8000 | Inputs enabled by default; should be disabled by default. |
Known issues
Version 2.5.0 of the Splunk Add-on for F5 BIG-IP has the following reported known issues.
| Date | Issue number | Description |
|---|---|---|
| 2016-05-18 | ADDON-9539 | Orphan process in modular input when splunkd is down. |
| 2016-01-30 | ADDON-8695 | FIPS mode is not supported by this add-on. For a workaround, see Add-ons and FIPS mode in the Splunk Add-ons manual. |
| 2015/11/20 | ADDON-13159 / SPL-110199 | Add-on has a warning upon startup "Invalid key in stanza [citrix_netscaler] in /opt/splunk/etc/apps/Splunk_TA_f5-bigip/default/inputs.conf, line 4: start_by_shell (value: false)." when running on Splunk 6.3. This warning is invalid and can be ignored. |
| 2016-01-13 | ADDON-5325 | requireClientCert=true in server.conf is not supported by add-ons using modular inputs and REST. If this setting is enabled in server.conf, communication is broken between the modular input and splunkd and the add-on stops collecting data. The following error appears in the splunkd.log: "SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate." The workaround is to set requireClientCert=false.
|
| 2015-10-13 | ADDON-6042 | F5 collects encrypted passwords for the Inventory data model. This supports a valid Enterprise Security use case, but if you do not want to index the encrypted value, you can add a sed script to props.conf. For more details, see Anonymize data in Getting Data In.
|
| 03/24/2015 | ADDON-3421 | Memory usage increases for different events polled at different intervals. |
| 01/16/2015 | ADDON-2773 | When collecting syslog via UDP, the timestamp for the event in Splunk Enterprise does not match the timestamp for the event on an F5 server. |
| 01/11/2015 | ADDON-2761 | The field value of the timestamp is always "none". Workaround: use field _time instead.
|
| 01/08/2015 | ADDON-2860 | In Splunk Web, on the Data Inputs page, the number of F5 BIG-IP inputs is always 0, even if inputs have been configured. |
| 2016-04-28 | ADDON-9115 | Not all message names are added into predefined storage format due to F5 storage format length limitation (1024 characters). |
Third-party software attributions
Version 2.5.0 of the Splunk Add-on for F5 BIG-IP incorporates the following third-party software or libraries.
Version 2.4.0
Version 2.4.0 of the Splunk Add-on for F5 BIG-IP has the same compatibility specifications as Version 2.5.0.
Upgrade guide
If you are upgrading from the Splunk Add-on for F5 BIG-IP 2.2.0 or earlier to the Splunk Add-on for F5 BIG-IP 2.3.0 or later, note that version 2.2.0 and earlier collected data from the Common partition only. After you upgrade to version 2.4.0, by default, data will be collected from all of the partitions on the F5 BIG-IP servers that are configured for data collection. You can change this by editing your existing server configuration on the Manage F5 BIG-IP Servers page (Configurations > Servers) and updating the Partitions field. If you want to continue to collect data from only the Common partition, type Common in this field and click Update.
Migration from other add-ons
There is no migration path for the existing add-ons on Splunkbase to the Splunk Add-on for F5 BIG-IP.
The Splunk Add-on for F5 BIG-IP is a Splunk supported add-on for the LTM, GTM, APM, and ASM BIG-IP modules. It does not replace existing add-ons on Splunkbase that collect data from F5 devices.
You can install the Splunk Add-on for F5 BIG-IP into an existing Splunk platform deployment that has the other add-ons installed, as long as the add-ons do not share the same port or source types.
| Splunk Add-on for F5 BIG-IP 2.4.0 | Splunk for F5 Access | Splunk for F5 Networks | Splunk for F5 Security | |
|---|---|---|---|---|
| Sourcetype | See the source types topic for a full list | syslog | No default source type | No default source type |
| Domain | LTM, GTM, APM, ASM | APM, FirePass | LTM, AFM | ASM, APM |
| Port | 9514/9515 | 514 | No default port | No default port |
| Splunk platform version | 6.2+ | 4.0 to 6.0 | 4.0 to 6.0 | 4.0 to 6.0 |
New features
Version 2.4.0 of the Splunk Add-on for F5 BIG-IP has the following new features.
| Date | Issue number | Description |
|---|---|---|
| 09-11-2015 | ADDON-6284 | Updates to tags.conf to comply with ITSI load balancer module. |
| 09-11-2015 | ADDON-6134 | Updates to fields and field data types to comply with ITSI load balancer module. Includes the creation of two new lookup files. |
Fixed issues
Version 2.4.0 of the Splunk Add-on for F5 BIG-IP has the following fixed issues.
| Date resolved | Issue number | Description |
|---|---|---|
| 2015-12-04 | ADDON-6508 | Field men_used_percent gives bad values.
|
| 2015-12-03 | ADDON-6771 | Field ssl-tpl should only calculate with type STATISTIC_SSL_FIVE_SEC_AVG_TOT_CONNS.
|
| 2015-12-03 | ADDON-6382 | Fields protocol_version, wait_thread_count, vip_throughput, and ssl_tps need to be collected for the load balancer module.
|
| 2015-12-02 | ADDON-6512 | Need to collect AVL_STATUS FAILOVER_STATUS as 0 or 1 values instead of strings.
|
| 2015-12-02 | ADDON-6745 | Sum of storage_free, storage_used doesn't match storage.
|
| 2015-12-02 | ADDON-6495 | Field mem is smaller than mem_used.
|
| 2015-12-02 | ADDON-6380 | Alias needed: mem_usage_percent to mem_used_percent.
|
| 2015-11-24 | ADDON-6510 | Missing field storage_used_percent.
|
| 2015-11-12 | ADDON-6120 | Add-on does not index cpu_mhz.
|
| 2015-10-27 | ADDON-6138 | Device configuration: some logs are mis-identified as "f5:ltm:failed:irule". |
Known issues
Version 2.4.0 of the Splunk Add-on for F5 BIG-IP has the following reported known issues.
| Date | Issue number | Description |
|---|---|---|
| 2016-01-30 | ADDON-7646 | FIPS mode is not supported by this add-on. For a workaround, see Add-ons and FIPS mode in the Splunk Add-ons manual. |
| 2016-01-13 | ADDON-5325 | requireClientCert=true in server.conf is not supported by add-ons using modular inputs and REST. If this setting is enabled in server.conf, communication is broken between the modular input and splunkd and the add-on stops collecting data. The following error appears in the splunkd.log: "SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate." The workaround is to set requireClientCert=false.
|
| 2015-10-13 | ADDON-6042 | F5 collects encrypted passwords for the Inventory data model. This supports a valid Enterprise Security use case, but if you do not want to index the encrypted value, you can add a sed script to props.conf. For more details, see Anonymize data in Getting Data In.
|
| 03/24/2015 | ADDON-3421 | Memory usage increases for different events polled at different intervals. |
| 01/16/2015 | ADDON-2773 | When collecting syslog via UDP, the timestamp for the event in Splunk Enterprise does not match the timestamp for the event on an F5 server. |
| 01/11/2015 | ADDON-2761 | The field value of the timestamp is always "none". Workaround: use field _time instead.
|
| 01/08/2015 | ADDON-2860 | In Splunk Web, on the Data Inputs page, the number of F5 BIG-IP inputs is always 0, even if inputs have been configured. |
Third-party software attributions
Version 2.4.0 of the Splunk Add-on for F5 BIG-IP incorporates the following third-party software or libraries.
Version 2.3.0
Version 2.3.0 has the same compatibility specifications as Version 2.4.0.
Upgrade Guide
If you are upgrading from the Splunk Add-on for F5 BIG-IP 2.2.0 to the Splunk Add-on for F5 BIG-IP 2.3.0, note that version 2.2.0 collected data from the Common partition only. After you upgrade to version 2.3.0, by default, data will be collected from all of the partitions on the F5 BIG-IP servers that are configured for data collection. You can change this by editing your existing server configuration on the Manage F5 BIG-IP Servers page (Configurations -> Servers) and updating the Partitions field. If you want to continue to collect data from only the Common partition, type Common in this field and click Update.
Migration guide
There is no migration path for the existing add-ons on Splunkbase to the Splunk Add-on for F5 BIG-IP.
The Splunk Add-on for F5 BIG-IP is a Splunk supported add-on for the LTM, GTM, APM, and ASM BIG-IP modules. It does not replace existing add-ons on Splunkbase that collect data from F5 devices.
You can install the Splunk Add-on for F5 BIG-IP into an existing Splunk platform deployment that has the other add-ons installed, as long as the add-ons do not share the same port or source types.
| Splunk Add-on for F5 BIG-IP 2.3.0 | Splunk for F5 Access | Splunk for F5 Networks | Splunk for F5 Security | |
|---|---|---|---|---|
| Sourcetype | See the source types topic for a full list | syslog | No default source type | No default source type |
| Domain | LTM, GTM, APM, ASM | APM, FirePass | LTM, AFM | ASM, APM |
| Port | 9514/9515 | 514 | No default port | No default port |
| Splunk platform version | 6.2+ | 4.0 to 6.0 | 4.0 to 6.0 | 4.0 to 6.0 |
New features
Version 2.3.0 of the Splunk Add-on for F5 BIG-IP has the following new features.
| Date | Issue number | Description |
|---|---|---|
| 08/27/15 | ADDON-3999 | Added support for gathering data from other partitions in addition to the Common partition. A new field named Partitions has been added to the Add F5 BIG-IP Server dialog where the names of the partitions from which to collect data can be specified. In addition, a new field named f5_bigip_partition_name has been included in events to indicate the partition that an event came from. Also updated the template format.
|
Fixed issues
Version 2.3.0 of the Splunk Add-on for F5 BIG-IP has the following fixed issues.
| Date | Issue number | Description |
|---|---|---|
| 08/27/15 | ADDON-4866 | Controls in add-on not available when using a custom Splunk path. |
Known issues
Version 2.3.0 of the Splunk Add-on for F5 BIG-IP has the following reported known issues.
| Date filed | Issue number | Description |
|---|---|---|
| 2015-12-03 | ADDON-6771 | Field ssl-tpl should only calculate with type STATISTIC_SSL_FIVE_SEC_AVG_TOT_CONNS.
|
| 2015-12-02 | ADDON-6745 | Sum of storage_free, storage_used doesn't match storage.
|
| 2015-11-18 | ADDON-6512 | Need to collect AVL_STATUS FAILOVER_STATUS as 0 or 1 values instead of strings.
|
| 2015-11-18 | ADDON-6510 | Missing field storage_used_percent.
|
| 2015-11-18 | ADDON-6495 | Field mem is smaller than mem_used.
|
| 2015-11-18 | ADDON-6508 | Field men_used_percent gives bad values.
|
| 2015-11-10 | ADDON-6382 | Fields protocol_version, wait_thread_count, vip_throughput, and ssl_tps need to be collected for the load balancer module.
|
| 2015-11-10 | ADDON-6380 | Alias needed: mem_usage_percent to mem_used_percent.
|
| 2015-10-22 | ADDON-6138 | Device configuration: some logs are mis-identified as "f5:ltm:failed:irule". |
| 2015-10-20 | ADDON-6120 | Add-on does not index cpu_mhz.
|
| 2015-10-13 | ADDON-6042 | F5 collects encrypted passwords for the Inventory data model. This supports a valid Enterprise Security use case, but if you do not want to index the encrypted value, you can add a sed script to props.conf. For more details, see Anonymize data in Getting Data In.
|
| 03/24/15 | ADDON-3421 | Memory usage increases for different events polled at different intervals. |
| 01/16/15 | ADDON-2773 | When collecting syslog via UDP, the timestamp for the event in Splunk Enterprise does not match the timestamp for the event on an F5 server. |
| 01/11/15 | ADDON-2761 | The field value of the timestamp is always "none". Workaround: use field _time instead. |
| 01/08/15 | ADDON-2860 | In Splunk Web, on the Data Inputs page, the number of F5 BIG-IP inputs is always 0, even if inputs have been configured. |
Third-party software attributions
Version 2.3.0 of the Splunk Add-on for F5 BIG-IP incorporates the following third-party software or libraries.
Version 2.2.0
Version 2.2.0 of the Splunk Add-on for F5 BIG-IP was compatible with the following software, CIM versions, and platforms.
| Splunk platform versions | 6.1 and above |
| CIM | 4.2, 4.1 |
| Platforms | Platform independent |
| Vendor Products | F5 BIG-IP 10.1 and above. Licensed LTM, GTM, APM, and ASM modules. |
Migration Guide
There is no migration path for the existing add-ons on Splunkbase to the Splunk Add-on for F5 BIG-IP.
The Splunk Add-on for F5 BIG-IP is a Splunk supported add-on for the LTM, GTM, APM, and ASM BIG-IP modules. It does not replace existing add-ons on Splunkbase that collect data from F5 devices.
You can install the Splunk Add-on for F5 BIG-IP into an existing Splunk platform deployment that has the other add-ons installed, as long as the add-ons do not share the same port or source types.
| Splunk Add-on for F5 BIG-IP 2.2.0 | Splunk for F5 Access | Splunk for F5 Networks | Splunk for F5 Security | |
|---|---|---|---|---|
| Sourcetype | See the source types topic for a full list | syslog | No default source type | No default source type |
| Domain | LTM, GTM, APM, ASM | APM, FirePass | LTM, AFM | ASM, APM |
| Port | 9514/9515 | 514 | No default port | No default port |
| Splunk platform version | 6.1, 6.2 | 4.0 to 6.0 | 4.0 to 6.0 | 4.0 to 6.0 |
New features
Version 2.2.0 of the Splunk Add-on for F5 BIG-IP had the following new features.
| Date | Issue number | Description |
| 04/17/15 | ADDON-1476 | Support for F5 BIG-IP Access Policy Manager (APM). |
Known issues
Version 2.2.0 of the Splunk Add-on for F5 BIG-IP had the following reported known issues.
| Date | Issue number | Description |
| 03/24/15 | ADDON-3421 | Memory usage increases for different events polled at different intervals. |
| 01/16/15 | ADDON-2773 | When collecting syslog via UDP, the timestamp for the event in Splunk platform does not match the timestamp for the event on an F5 server. |
| 01/11/15 | ADDON-2761 | The field value of the timestamp is always "none". Workaround: use field _time instead. |
| 01/08/15 | ADDON-2860 | In Splunk Web, on the Data Inputs page, the number of F5 BIG-IP inputs is always 0, even if inputs have been configured. |
Third-party software attributions
Version 2.2.0 of the Splunk Add-on for F5 BIG-IP incorporates the following third-party software or libraries.
Version 2.1.0
Version 2.1.0 of the Splunk Add-on for F5 BIG-IP was compatible with the following software, CIM versions, and platforms.
| Splunk platform versions | 6.1 and above |
| CIM | 4.2, 4.1 |
| Platforms | Platform independent |
| Vendor Products | F5 BIG-IP 10.1 and above. Licensed LTM, GTM, and ASM modules. |
Migration Guide
There is no migration path for the existing add-ons on Splunkbase to the Splunk Add-on for F5 BIG-IP.
The Splunk Add-on for F5 BIG-IP is a Splunk supported add-on for the LTM, GTM, and ASM BIG-IP modules. It does not replace existing add-ons on Splunkbase that collect data from F5 devices.
You can install the Splunk Add-on for F5 BIG-IP into an existing Splunk platform deployment that has the other add-ons installed, as long as the add-ons do not share the same port or source types.
| Splunk Add-on for F5 BIG-IP 2.0.0 | Splunk for F5 Access | Splunk for F5 Networks | Splunk for F5 Security | |
|---|---|---|---|---|
| Sourcetype | See the source types topic for a full list | syslog | No default source type | No default source type |
| Domain | LTM, GTM, ASM | APM, FirePass | LTM, AFM | ASM, APM |
| Port | 9514/9515 | 514 | No default port | No default port |
| Splunk platform version | 6.1, 6.2 | 4.0 to 6.0 | 4.0 to 6.0 | 4.0 to 6.0 |
New features
Version 2.1.0 of the Splunk Add-on for F5 BIG-IP had the following new features.
| Date | Issue number | Description |
| 03/18/15 | ADDON-331 | Support for F5 BIG-IP Application Security Manager (ASM). |
| 03/25/15 | ADDON-3463 | Source types renamed to follow best practices. Backwards compatible with previous naming. |
Known issues
Version 2.1.0 of the Splunk Add-on for F5 BIG-IP had the following reported known issues.
| Date | Issue number | Description |
| 03/24/15 | ADDON-3421 | Memory usage increases for different events polled at different intervals. |
| 01/16/15 | ADDON-2773 | When collecting syslog via UDP, the timestamp for the event in Splunk platform does not match the timestamp for the event on an F5 server. |
| 01/11/15 | ADDON-2761 | The field value of the timestamp is always "none". Workaround: use field _time instead. |
| 01/08/15 | ADDON-2860 | In Splunk Web, on the Data Inputs page, the number of F5 BIG-IP inputs is always 0, even if inputs have been configured. |
Third-party software attributions
Version 2.1.0 of the Splunk Add-on for F5 BIG-IP incorporates the following third-party software or libraries.
Version 2.0.0
Version 2.0.0 of the Splunk Add-on for F5 BIG-IP was compatible with the following software, CIM versions, and platforms.
| Splunk platform versions | 6.1 and above |
| CIM | 4.1 |
| Platforms | Platform independent |
| Vendor Products | F5 BIG-IP 10.1 and above. Licensed LTM and GTM modules. |
Migration Guide
There is no migration path for the existing add-ons on Splunkbase to the Splunk Add-on for F5 BIG-IP.
The Splunk Add-on for F5 BIG-IP is a new Splunk supported add-on for the LTM and GTM BIG-IP modules. It does not replace existing add-ons on Splunkbase that collect data from F5 devices.
You can install the Splunk Add-on for F5 BIG-IP into an existing Splunk platform deployment that has the other add-ons installed, so long as the add-ons do not share the same port or source types.
| Splunk Add-on for F5 BIG-IP 2.0.0 | Splunk for F5 Access | Splunk for F5 Networks | Splunk for F5 Security | |
|---|---|---|---|---|
| Sourcetype | f5_bigip:icontrol*, f5_bigip:irule*, f5_bigip:syslog | syslog | No default source type | No default source type |
| Domain | LTM, GTM | APM, FirePass | LTM, AFM | ASM, APM |
| Port | 9514 | 514 | No default port | No default port |
| Splunk platform version | 6.1, 6.2 | 4.0 to 6.0 | 4.0 to 6.0 | 4.0 to 6.0 |
New features
Version 2.0.0 of the Splunk Add-on for F5 BIG-IP had the following new features.
| Date | Issue number | Description |
| 12/28/14 | ADDON-467 | Splunk-supported add-on providing CIM-compatible inputs for LTM and GTM technologies. |
Known issues
Version 2.0.0 of the Splunk Add-on for F5 BIG-IP had the following reported known issues.
| Date | Issue number | Description |
| 03/24/15 | ADDON-3421 | Memory usage increases for different events polled at different intervals. |
| 01/16/15 | ADDON-2773 | When collecting syslog via UDP, the timestamp for the event in Splunk platform does not match the timestamp for the event on an F5 server. |
| 01/11/15 | ADDON-2761 | The field value of the timestamp is always "none". Workaround: use field _time instead. |
| 01/08/15 | ADDON-2860 | In Splunk Web, on the Data Inputs page, the number of F5 BIG-IP inputs is always 0, even if inputs have been configured. |
Third-party software attributions
Version 2.0.0 of the Splunk Add-on for F5 BIG-IP incorporates the following third-party software or libraries.
| Release notes for the Splunk Add-on for F5 BIG-IP |
This documentation applies to the following versions of Splunk® Supported Add-ons: released
Download manual
Feedback submitted, thanks!