happynfocus_245
Feb 04, 2016

F5 ASM Splunk: source and host attributes have wrong data

I configured F5 ASM to send alerts to Splunk. At first I did not install any add-ons, and I realized the logs are weird and the source and host attributes have wrong data. The "host" attribute has the value "tcp:1514".

 

I then searched the Splunk apps and installed "Splunk Add-on for F5 BIG-IP." But even when I launched "Splunk for F5 Security" to do the searching, the result is the same.

 

Any ideas? Thanks and really appreciate it!!

 

2 Replies

  • If your ASM is sending improperly formatted logs you need to open a case with support and have them look at it. They can help determine exactly what is happening and help get it fixed. You can reach support by calling 1-888-882-7525 or internationally 800 11 ASK 4 F5. Make sure you have your BIG-IP's serial number available as you will need it to open the case.

     

  • If your ASM is sending incorrectly formatted data to your Splunk server, you need to contact support. They can help determine what is happening and help to get it fixed. You can reach support by calling 1-888-882-7525 or internationally 800 11 ASK 4 F5. Make sure you have your BIG-IP's serial number available as you will need it to open the case.