How to send BIGIP virtual Server Logs[HSL] to ELK

[f5killer]

Hi Team,

Wanted to send BIGIP virtual Server Logs[HSL] to ELK and publish it also. but feel "logstash.conf" is not enough.

F5 Bigip is sending log to ELK logstach.

{"type":"response","@timestamp":"2021-09-01T18:09:48Z","tags":[],"pid":245,"method":"post","statusCode":200,"req":{"url":"/elasticsearch/_msearch?rest_total_hits_as_int=true&ignore_throttled=true","method":"post","headers":{"host":"3.87.141.156:5601","connection":"keep-alive","content-length":"919","accept":"application/json, text/plain, /","kbn-version":"7.4.2","user-agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36","content-type":"application/x-ndjson","origin":"http://3.87.141.156:5601","referer":"http://3.87.141.156:5601/app/kibana","accept-encoding":"gzip, deflate","accept-language":"en-US,en;q=0.9,hi;q=0.8"},"remoteAddress":"223.235.12.xxx","userAgent":"223.235.12.xxxx","referer":"http://3.87.141.156:5601/app/kibana"},"res":{"statusCode":200,"responseTime":12,"contentLength":9},"message":"POST /elasticsearch/_msearch?rest_total_hits_as_int=true&ignore_throttled=true 200 12ms - 9.0B"}

Can you please help me to create the logstash file.

[464d41]

Hi,

Seems to work for me with latest logstash config, BIG-IP v15.1, ELK 7.1. Please give more details on your setup. @f5killer