Create a sc4s parser for F5 syslog data #2742
Assignees
Labels
Comments
|
Please let me know if you have any update on this. As business is looking for this case. |
|
Hi We already support F5 https://splunk.github.io/splunk-connect-for-syslog/main/sources/vendor/F5/bigip/ Can you please attach the real pcap in support case and we will pick it up, Probably we will enhance the current parser to support this. |
rjha-splunk
added
enhancement
|
Please attach the real pcap in support case , the attached text file is not enough to append/raise the parser. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Note: If your issue is not a bug or a feature request, please raise a support ticket through our support portal (Splunk.com > Support > Support Portal). This will help us resolve your issue more efficiently and provide you with better assistance. For more information on how to work with the Splunk Support, please refer to this guide.
What is the sc4s version?
3.33.1
Is there a pcap available? If so, would you prefer to attach it to this issue or send it to Splunk support?
NO
What the vendor name?
F5
What's the product name?
F5
If you're requesting support for a new vendor, do you have any preferences regarding the default index and sourcetype for their events?
F5
Do you have syslog documentation or a manual for that device??
Yes
Feature Request description:
provide the new parser for F5 to filter the attached logs
Do you want to have it for local usage or prepare a github PR?*
github PR
F5_RawLogs.txt
Please work with [email protected] for the same
The text was updated successfully, but these errors were encountered: