I would like to use the Splunk Add-on for F5 BIG-IP, but I don't want the add-on to query my device for any logs.
I am currently sending the F5 logs to a folder on the Splunk forwarder through Syslog. I created a local folder in the add-on folder and created an inputs.conf file with the following information:
[monitor://C:\logs\F5]
disable = false
sourcetype = F5:bigip:syslog
However, I don't receive any logs. When I make these changes to other apps, I am able to get some changes. I got an error that logs were received for an unconfigured index. I checked my indexes and noticed the F5 Add-on didn't create any indexes automatically. I looked through the default folder, but couldn't find anywhere the index was specified. I created a new index, but I am still not getting any logs.
Does anyone know what to do so I can use the Add-on, but use a different input method like the one described above?
Thanks,