Task 1: Install the F5 Splunk app in Splunk

  1. In the Chrome browser on your Windows jump box, click the bookmark for Splunk to launch the Splunk web UI

  2. On the Splunk Enterprise splash page, if you are prompted for an update, click Skip update

  3. In the Splunk Web GUI, click on the settings button next to Apps (on the left) to Manage Apps

    image14

  4. Click Install app from file

    image15

  5. Click Choose File

  6. In the file browser window, navigate to Desktop > Analytics Lab Files, choose the f5-networks-analytics-new_100.tgz file, and click Open

    image16

  7. Click Upload

    image17

  8. Once the upload is complete, you should see the F5 Networks app listed in the Apps table, with the Status set to Enabled

    image18

  9. Click the Splunk logo in the top-left to go to the start page. You should now see the F5 Networks app listed on the left

    image19

  10. Now click the Settings menu in the top-right, and choose Data inputs

    image20

  11. Click on HTTP Event Collector

    image21

  12. Click on Global Settings in the top-right

    image22

  13. In the Edit Global Settings window:

    • Click on Enabled for All Tokens
    • Ensure that Enable SSL is checked
    • Ensure that HTTP Port Number is set to 8088
    • Click Save

    image23

    Note

    Ensure that all of the above settings are exactly as shown; otherwise, no data will show up in Splunk.

  14. Click New Token in the top-right

  15. For the Name, enter F5-Analytics, and then click Next > at the top

  16. On the Input Settings page, scroll down until you see Default Index, and then click the Create a new index link

    image24

  17. In the New Index window, enter f5-default for the Index Name, and click Save

    image25

  18. In the Select Allowed Indexes table, click f5-default to move it to Selected item(s)

    image26

  19. Click Review at the top

    image27

  20. Ensure your settings match those shown in the screenshot below, then click Submit

    image28

  21. Once your token has been created, highlight the Token Value for the newly created token, and copy it to your clipboard (Ctrl-C or Right-click > Copy). We will use this later.

    image29

    Note

    Your token value will be different from the one shown above.

  22. Click on the Splunk logo in the top-left to go back to the Splunk start page.
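
Added example (not part of the original lab guide): a check that the HTTP Event Collector configured in steps 13 to 21 accepts an event over TLS on port 8088 with the new token and the f5-default index. The environment variable names and the mapping of HEC reply codes to lab steps are assumptions of this example.

```python
import json
import os
import ssl
import urllib.error
import urllib.request

# HEC reply codes mapped to the lab step worth rechecking (the mapping is ours).
HINTS = {
    0: "Success: HEC accepted the event",
    1: "Token disabled: recheck 'Enabled' for All Tokens (step 13)",
    2: "Token required: Authorization header missing",
    3: "Invalid authorization: header must be 'Splunk <token>'",
    4: "Invalid token: re-copy the Token Value (step 21)",
    7: "Incorrect index: f5-default not in Allowed Indexes (step 18)",
}

def build_request(host, token, index="f5-default", port=8088):
    """Build a POST to the HEC event endpoint over TLS (Enable SSL, port 8088)."""
    body = json.dumps({"event": {"msg": "HEC lab check"}, "index": index})
    return urllib.request.Request(
        f"https://{host}:{port}/services/collector/event",
        data=body.encode(),
        headers={"Authorization": f"Splunk {token}"},
        method="POST",
    )

def diagnose(reply_text):
    """Turn an HEC JSON reply into a hint about which setting to recheck."""
    try:
        reply = json.loads(reply_text)
    except ValueError:
        return f"Non-JSON reply: {reply_text[:80]}"
    return HINTS.get(reply.get("code"), f"HEC code {reply.get('code')}: {reply.get('text')}")

def check(host, token, cafile=None):
    """Send one test event; cafile is the CA that signed Splunk's certificate."""
    ctx = ssl.create_default_context(cafile=cafile)  # certificate verification stays on
    try:
        with urllib.request.urlopen(build_request(host, token), context=ctx) as r:
            return diagnose(r.read().decode())
    except urllib.error.HTTPError as e:  # HEC sends its JSON reply on 4xx too
        return diagnose(e.read().decode())
    except urllib.error.URLError as e:
        return f"TLS or connection failed ({e.reason}): recheck Enable SSL and port 8088 (step 13)"

if __name__ == "__main__":
    # SPLUNK_HOST, HEC_TOKEN and SPLUNK_CA are variable names assumed for this example.
    print(check(os.environ["SPLUNK_HOST"], os.environ["HEC_TOKEN"],
                os.environ.get("SPLUNK_CA")))
```

If Splunk presents a certificate your system does not trust, pass the signing CA as cafile rather than switching verification off. Reading the token from the environment keeps it out of the script and out of shell history.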