
F5 Distributed Cloud Services Enables Analytics with Datadog and Splunk

Scott Laster
Published December 06, 2022

“What’s going on here?!”

That has got to be among the most common phrases heard in IT departments around the world. “What’s going on here?” “Help me understand the problem so I can come up with a solution.” “Help me understand the threat so I can harden our defenses.”

F5 intends to help customers answer these timely and critical questions about workloads secured with F5 Distributed Cloud Web App and API Protection (WAAP), whether deployed on-prem, across clouds, or at the edge, by highlighting security threats, performance, and operations challenges.

For example, the most effective way to get to the heart of many security-related problems in a timely manner typically starts with the right analytics and data visualization tools. Two of the most popular analytics SIEM (Security Information and Event Management) tool vendors are Datadog and Splunk, and now F5 Distributed Cloud WAAP enables professionals in NetOps, DevSecOps, or SecOps to visualize their unruly, unrelenting, and constantly changing data through these SIEM platforms.

Analytics are made possible by F5 Distributed Cloud WAAP providing event-based log streams. Or, to be more precise, these log streams are provided in a common JSON payload format. As always, any JSON captured log stream is just a snapshot in time—but now more than ever, that “log” is a steady stream of data—and in its raw form it can be a fearsome thing.

Taming this beast and making sense of the data is the job of data monitoring and analytics SIEM platforms like Datadog and Splunk, and chief among their capabilities is data visualization in its many forms. That includes, of course, visualizing rich, information-packed log streams in a human-readable and intuitive manner that can readily be integrated into an overall SIEM strategy.

Something SIEMs Fishy Here

SIEM is a combination of security information management (SIM; with a focus on storage and analytics of logs, metrics, and other data) and security event management (SEM; focusing on real-time monitoring of events). SIEM includes the best of both worlds and provides real-time monitoring and analytics of the network and the security environment while also allowing tracking and logging for compliance or auditing purposes.

To enable data-driven decision-making, F5 Distributed Cloud WAAP provides logging today to two of the most popular modern SIEM platforms in Datadog and Splunk, with other leading vendors in this space soon to be added. Whether your applications are running within the F5 Global Network, in your own data centers, or elsewhere, you will need clear visualizations and analytics from the LAN to the WAN to AWS, Azure, Google Cloud, and everything in between to answer the question, “What’s going on here?”

F5 Distributed Cloud WAAP Compatibility

F5 Distributed Cloud WAAP is dedicated to ensuring that NetOps, SecOps, and DevSecOps professionals can access its log streams with their favorite SIEM vendor platforms. If you’re already using Splunk or Datadog, it’s only natural you’d expect to be able to tap into a holistic view with the tools you already use—and we’re committed to enabling this for you!

Among the many potential reasons to integrate your SIEM platform with your F5 Distributed Cloud WAAP deployment is the ability to ingest and aggregate routing, network, and client data with WAF, DDoS, or API Protection logs to provide additional context that can improve security and provide insights for troubleshooting.

Whatever you’re looking for in the vast trove of your cloud platform log streams, F5 Distributed Cloud Services help ensure your data visualization and analytics tools deliver all the functionality you expect. Find out how easy it is to get started today with F5 Distributed Cloud WAAP via our simulator experience and, if you are an existing F5 Distributed Cloud Services customer, go here to find out how easy it is to enable analytics with Datadog and Splunk in this demo showing these partner integrations natively available in the F5 Distributed Cloud Console.