We're currently trying to get the bigipafm fileset in the F5 module to parse the logs that are incoming from the F5 appliance. The documentation is missing the required log format, as well as the F5 AFM versions that are supported.
There is an example log in https://github.com/elastic/beats/blob/master/x-pack/filebeat/module/f5/bigipafm/test/generated.log but it does not match what we're getting from the appliance. A redacted sample string from our input:
<13>Dec 14 15:10:20 afm-h14lb-8 afmlog /Common/vlan124 22.214.171.124:49268 EN/Norfolk via /Common/vlan10-ACME-dmz-IN --> 126.96.36.199:443 TCP Accept Rule auth.ACME.test
Does someone have experience regarding the settings that are required on the F5 side to make the module's parsing script work?