How to send statistics to Splunk

You can send data from your BIG-IP device(s) to Splunk for analysis. This tutorial leads you through the steps required to send data from a BIG-IP device to a Splunk instance.

Before you begin


tl/dr: Watch the installation video:


Set up Splunk to receive data

  1. Add a new HTTP Event Collector:

    • Click on the Apps gear icon.
    • Go to Settings ‣ Data inputs.
    • Click on HTTP Event Collector.
    • Click on Global Settings.
    • Click on Enabled.
    • Click Save.
    • Click on New Token.
    • Enter a name for the token, then click Next.
    • On the Input Settings screen, click Create a new index.
    • Name the index, then click Save.
    • Make sure the new index is the Default index.
    • Click Review, then click Submit.
    • Record the Token Value Splunk created for your HTTP Event Collector; you’ll configure the BIG-IP system with this value later.
  2. Install the F5 Analytics App.

    • In the Splunk GUI, click on Apps ‣ Find More Apps.
    • Search for “F5 Networks”.
    • Click Install and enter your splunk.com credentials (this is your actual Splunk account, not the instance login).
    • Accept the license agreement, then click the Login and Install button.
    • When the installation is complete, you can view the App, or click Done.
  3. Configure your firewall to allow port 8088 to be open to Splunk.

    Important

    The event collector listens on port 8088 and requires HTTPS.