“It is a capital mistake to theorize before one has data.” – Sherlock Holmes
Arthur Conan Doyle’s legendary character got a lot right, his opinion on the importance of data included. But imagine for a moment if this 19th-century gumshoe were suddenly transported to 2020—where information is not only ubiquitous but can often be overwhelming. Would he still complain about a lack of data if he needed to solve a security puzzle?
Taken a step further, what if he was tasked with making sense of the security data, event logs, and inputs from the many different devices and services that make up an enterprise network?
Even Holmes’ famous thirst for data would be quenched in that deluge (read: he would definitely drown).
Fortunately, those whose job it is to make sense of (and take action based on) enterprise network information don’t have to rely on fictional detectives from Victorian England. There are solutions that do the heavy lifting—such as Splunk.
Splunk’s Security Information and Event Management (SIEM) solution is used by organizations all over the world to ingest and assimilate a constant stream of unorganized, unstructured, multi-sourced network data into meaningful, consumable, correlated dashboards—helping to drive informed decisions and strategy.
Splunk and F5
Admittedly, one of the “chattier” devices in many enterprise networks is F5 BIG-IP. Because BIG-IP excels at inspecting, analyzing, filtering, and reporting on network traffic, it creates a lot of very useful data. However, parsing and extracting insight from this stream of information is no small feat. This was one of the primary drivers for the development of the Splunk Add-on for F5 BIG-IP. This fully Splunk-supported add-on makes it possible for Splunk administrators to pull network traffic data, system logs, system settings, performance metrics, and traffic stats from their BIG-IPs using syslogs, iRules, and the iControl REST API.
Improving on the Add-on
While this integration provided a ton of value for F5 and Splunk users, both companies also believe in making good things great. One of the ways this is being accomplished is by leveraging the declarative and F5-supported Automation Toolchain—specifically Telemetry Streaming—to improve how BIG-IP and Splunk communicate. Instead of having to input a set of imperative commands—a process that requires F5 subject matter expertise—Telemetry Streaming only needs a single JSON declaration, meaning you tell it the end state you want and it will aggregate, normalize, and forward BIG-IP statistics to Splunk.
"F5 BIG-IP is a very important data source for many security and operations teams. We are strongly urging our joint customers to adopt the new Telemetry Streaming integration. The Telemetry Streaming option is easy to configure and work with thanks to the JSON formatted messages and use of the Splunk HTTP Event Collector (HEC)."
– Mark Karlstrand, Senior Product Manager, Splunk
In addition to overall simplification via declarative interfaces, leveraging Telemetry Streaming as the underlying mechanism for the BIG-IP and Splunk integration means that the data will be pushed from BIG-IP into Splunk rather than pulled—helping to build more automated workflows. This new approach for the Splunk add-on for BIG-IP:
- Simplifies the process of getting data from BIG-IP into Splunk
- Adds more detail to the reporting dashboard
- Helps future-proof the integration as F5 continues to invest in declarative interfaces for its products and integrations
- Remains fully supported by F5 (Telemetry Streaming) and Splunk (Add-on for BIG-IP)
The latest version of the add-on for BIG-IP is available now for Splunk customers. You can find it on Splunkbase.