[Integrations] F5 Integration, Radware Integration Out Of Date

Elastic Stack Elastic Agent
1

F5 and Radware integrations are deprecated. Let me explain, it is not normal that they have an intermediate parser in JS (without posibility of change fron integration), it is practically better to let the message through and parse it entirely with pipelines. Maintaining a JS that parses the syslog is absurd, you lose control of the data. In addition, the documentation does not mention anything at all about this fact, which is basically 80 percent of the module.

My proposal:

  1. Create the pipeline with the standard syslog format like the rest of the modules.

  2. Delete intermediary JS (it is impossible to modify from the fleet), in short it is anti-centralizable.

  3. Do not keep such old integrations because this will alienate any possible interest in elasticsearch, since it is absolutely impossible if you are a newbie to understand what happens before the pipeline.

In this post I am not asking for help, since obviously we have refused to use these modules because they bring more problems than anything else, it is simply a suggestion so that people who try it for the first time do not think that it is useless.

These little things are what make you opt for one product or another.

Personally I would never put a module without having tested it:

  1. Standard.
  2. Adding fields.
  3. Above all and most importantly without compatibility with the operation of elastic agent.

In summary, these 2 integrations, instead of helping, harm.

2

@cmendez92 These Technical Preview integrations were intentionally shipped as Technical Preview, with the aim of gathering feedback and iterating on those integrations as they move towards fully supported GA integrations. I completely understand the frustration around these integrations - our users deserve high quality, fully supported integrations.

For many of these integrations, we have already replaced them with new integrations built from scratch (in partnership with the various vendors), with more to come. As an example, you can view the F5 BIG-IP PR we are currently working on, which will replace the current F5 tech preview integration. It includes support for all BIG-IP services and has improved ECS Mappings and dashboards.

3

@cmendez92 our new F5 BIG-IP integration with Elastic Agent is now available if you'd like to try it out: integrations/packages/f5_bigip at main · elastic/integrations · GitHub

4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.