{"id":20329726,"url":"https://github.com/f5devcentral/application-study-tool","last_synced_at":"2026-02-19T19:04:04.113Z","repository":{"id":254498729,"uuid":"846187083","full_name":"f5devcentral/application-study-tool","owner":"f5devcentral","description":"The Application Study Tool provides enhanced insights into (classic) BIG-IP products, leveraging best in class open source telemetry tools","archived":false,"fork":false,"pushed_at":"2025-09-15T21:05:13.000Z","size":33533,"stargazers_count":92,"open_issues_count":37,"forks_count":36,"subscribers_count":11,"default_branch":"main","last_synced_at":"2025-09-15T22:30:51.224Z","etag":null,"topics":["big-ip","bip","cbip","f5"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/f5devcentral.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"code_of_conduct.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":"SUPPORT.md","governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2024-08-22T17:41:01.000Z","updated_at":"2025-09-15T21:03:14.000Z","dependencies_parsed_at":"2024-10-23T01:46:19.508Z","dependency_job_id":"f97de27b-640f-4e6e-a3b6-b34ed36e0ef2","html_url":"https://github.com/f5devcentral/application-study-tool","commit_stats":null,"previous_names":["f5devcentral/application-study-tool"],"tags_count":21,"template":false,"template_full_name":null,"purl":"pkg:github/f5devcentral/application-study-tool","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/f5devcentral%2Fapplication-study-tool","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/f5devcentral%2Fapplication-study-tool/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/f5devcentral%2Fapplication-study-tool/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/f5devcentral%2Fapplication-study-tool/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/f5devcentral","download_url":"https://codeload.github.com/f5devcentral/application-study-tool/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/f5devcentral%2Fapplication-study-tool/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29627727,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-19T18:02:07.722Z","status":"ssl_error","status_checked_at":"2026-02-19T18:01:46.144Z","response_time":117,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["big-ip","bip","cbip","f5"],"created_at":"2024-11-14T20:13:08.764Z","updated_at":"2026-02-19T19:04:04.107Z","avatar_url":"https://github.com/f5devcentral.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Application Study Tool\n\n## Overview\n\n\u003e Prior to installation, please see the [AST Docsite](https://f5devcentral.github.io/application-study-tool/) for detailed\nconfiguration, troubleshooting (REST changes, HIGH CPU on control plane) info, etc.\n\n\u003e See the [F5 Application Study Tool Labs](https://clouddocs.f5.com/training/community/ast/html/) for an educational guided lab experience.\n\u003e \n\u003e For enabling HTTPS within Grafana, see the [Make Grafana Listen on HTTPS guide](https://community.f5.com/kb/technicalarticles/application-study-tool-make-grafana-listen-on-https/341728) for guidance.\n\u003e\n\u003e To review ideas on integrating your secrets with a vault, see the [Integrating your secrets with Hashi vault](https://community.f5.com/kb/TechnicalArticles/f5-app-study-tool-with-passwords-stored-in-vault/341155) for further information.\n\nThe F5 Application Study Tool is intended to provide enhanced insights into (classic) BIG-IP products, leveraging best in class\nopen source telemetry tools. The full installation includes:\n\n* Custom Instance of OpenTelemetry Collector with enhanced BIG-IP data receivers (data fetched via iControlRest) [Full List of Metrics Collected](pages/components/otel_collector/receiver_metrics.md).\n* Prometheus timeseries database for storing and querying collected data.\n* Grafana Instance with pre-configured dashboards for quick insights at the device and \"fleet\" levels.\n\nThe Application Study Tool has everything needed to quickly get up and running with application insights at less than\nproduction levels of reliability. For production/operational use cases, you can build on the included components,\naccounting for things like high availability, enhanced security via e.g. Grafana OIDC integration, and similar. Alternatively,\nthe Opentelemetry Collector can be configured to send data to existing production ops monitoring tools as desired.\n\n![](./pages/assets/ui.gif)\n\n## Getting Started\n\n### Prerequisites\n\n[Git Client](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git)\n\nDocker (or compatible) container environment with compose.\n\nInstallation Instructions:\n  * [General (docker engine)](https://docs.docker.com/engine/install/)\n  * [Ubuntu (docker engine)](https://docs.docker.com/engine/install/ubuntu/)\n  * [RHEL (docker engine)](https://docs.docker.com/engine/install/rhel/)\n  * [Podman](https://podman.io/docs/installation)\n\n### Installation\n\nClone the repo or download source tarball from the [release](https://github.com/f5devcentral/application-study-tool/releases) section.\n\n```shell\n# Clone the repo\ngit clone https://github.com/f5devcentral/application-study-tool.git\ncd application-study-tool\n# Edit the following file with Grafana variables as required\ncp .env-example .env\n# Edit the following file with device secrets as required (see \"Configure Device Secrets\" below)\ncp .env.device-secrets-example .env.device-secrets\n# Edit the default settings for your environment as required\n# (see \"Configure Default Device Settings\" below)\nvi ./config/ast_defaults.yaml\n# Edit the config file with device / connection info\n# (see \"Configure Devices To Scrape\" below)\nvi ./config/bigip_receivers.yaml\n# Run the configuration generator\ndocker run --rm -it -w /app -v ${PWD}:/app --entrypoint /app/src/bin/init_entrypoint.sh python:3.12.6-slim-bookworm --generate-config\n# Start the tool (use `docker compose up -d` to start in background mode)\ndocker compose up\n```\n\n## Configuration\n\nFor additional configuration management background, see\n[AST Configuration Management Overview](https://f5devcentral.github.io/application-study-tool/config).\nThe below assumes you're using the config_helper script for assisted management.\n\n\nApplication Study Tool config management relies on default configs in\n[/configs/ast_defaults.yaml](/config/ast_defaults.yaml) and device specific information in\n[/configs/bigip_receivers.yaml](/config/bigip_receivers.yaml).\n\nSettings in the bigip_receivers.yaml override those in ast_defaults.yaml.\n\n\n## Configure Default Device Settings\n\nEdit config/ast_defaults.yaml to reflect common values for your BIG-IPs:\n```yaml\n# These configs are applied to each entry in the bigip_receivers file\n# where they don't contain an equivalent / overriding entry.\nbigip_receiver_defaults:\n  # The time to wait between metric collection runs\n  collection_interval: 60s\n  # The username to login to the device with\n  username: admin\n  # The password (not recommended) or a reference to an env variable (recommended)\n  # Below tells the collector to look for an environment variable named\n  # BIGIP_PASSWORD_1\n  password: \"${env:BIGIP_PASSWORD_1}\"\n  # The data_types that should be enabled or disabled.\n  # These are disabled by default and users can enable those modules\n  # on all devices by setting the below to true.\n  # A full list of data_types is at https://f5devcentral.github.io/application-study-tool/components/otel_collector/receiver_readme.html.\n  data_types:\n    f5.apm:\n      enabled: false\n    f5.cgnat:\n      enabled: false\n    f5.dns:\n      enabled: false\n    f5.dos:\n      enabled: false\n    f5.firewall:\n      enabled: false\n    f5.gtm:\n      enabled: false\n    f5.policy.api_protection:\n      enabled: false\n    f5.policy.asm:\n      enabled: false\n    f5.policy.firewall:\n      enabled: false\n    f5.policy.ip_intelligence:\n      enabled: false\n    f5.policy.nat:\n      enabled: false\n    f5.profile.dos:\n      enabled: false\n  # The TLS settings to use. Either a CA file must be specified or\n  # insecure_skip_verify set to true (not recommended).\n  tls:\n    # Secure TLS communication requires mounting the certificate bundle\n    # used to sign the BigIP certificates. Though not recommended, in the\n    # case of self-signed certificates or for testing purposes, you can skip\n    # this check by setting this field to true.\n    insecure_skip_verify: false\n    # The path to a CA File used to validate BIG-IP certificates. This is required\n    # if tls_insecure_skip_verify is set to false. See below for details.\n    ca_file: \"\"\n```\n\n## Configure Devices To Scrape\nEdit the device list in config/bigip_receivers.yaml:\n```yaml\n#### Values not explicitly configured here inherit values in ast_defaults.yaml.\n#### Each entry must have a unique name, starting with bigip/ \n#### (e.g. bigip/1, bigip/2)\nbigip/1:\n  #### Endpoint must be specified for each device\n  #### because there's no rational default.\n  #### Set this to the management IP for the device. This must be\n  #### reachable from the Application Study Tool host.\n  endpoint: https://10.0.0.1\n  #### Override some default settings with device specific values\n  username: SOME_OVERRIDE_ACCOUNT_NAME\n  password: \"${SOME_OTHER_ENV_VAR_WITH_ANOTHER_PASSWORD}\"\n  #### Everything commented out here gets the value from default\n  # collection_interval: 30s\n  # data_types:\n  #   f5.dns:\n  #     enabled: false\n  #   f5.gtm:\n  #     enabled: false\n  # tls:\n  #   insecure_skip_verify: true\n  #   ca_file:\nbigip/2:\n  endpoint: https://10.0.0.2\n```\n\n\n## Configure Device Secrets\nThe application study tool default configuration relies on environment variables\nwhich contain device access credentials. There are a number of ways to manage and\ninject secrets into a container environment (modifications to the docker-compose file\nto support your preferred management process are encouraged), but for simplicity,\nif there is a file named .env.device-secrets in the root project directory they will be\nmounted.\n\nCreate a file called .env.device-secrets, and add your BIP passwords like so:\n```\nBIGIP_PASSWORD_1=foo-bar123!\nBIGIP_PASSWORD_2=bar-foo123!\n```\n\u003e **Note:** Ensure that the permissions on the (_.env.device-secrets_) file are restricted to allow read access only to the user running the Docker containers.\n\u003e This ensures that credential information remains protected from unauthorized access.\n\nThe variable name (the part on the left of the equal sign) must match the configured\nvalue for the devices that use this password in config/ast_defaults.yaml or device specific\nconfig in config/bigip_receivers.yaml. In the following example, bigip/1 uses BIGIP_PASSWORD_1\nfrom  the defaults and bigip/2 uses BIGIP_PASSWORD_2 from the device settings:\n\n```\n##############################\n## config/ast_defaults.yaml \n##############################\n\nbigip_receiver_defaults:\n  ...\n  password: \"${env:BIGIP_PASSWORD_1}\"\n  ...\n\n##############################\n## config/bigip_receivers.yaml\n##############################\n\n# This gets the default \"${env:BIGIP_PASSWORD_1}\"\nbigip/1:\n  endpoint: https://10.0.0.1\n\n# This overrides it with \"${env:BIGIP_PASSWORD_2}\"\nbigip/2:\n  endpoint: https://10.0.0.1\n  password: ${env:BIGIP_PASSWORD_2}\n\n```\n\n\n## Configure Periodic Metric Data Export To F5\nThe application study tool can be configured to periodically (every 5 minutes) export a snapshot of your\nBigIP metrics to F5. Contact your F5 Sales Representative for a \"Sensor ID\" (a unique string used to associate\nyour metrics with your Organization) and a \"Sensor Secret Token\" (used to authenticate to the F5 Datafabric as\nan authorized data sender for your Org).\n\nThis functionality is enabled as follows:\n\n1. Enable the flag in [config/ast_defaults.yaml](config/ast_defaults.yaml) file as follows:\n\n```yaml\n# Set this true to enable periodic metric export to F5 DataFabric.\n# Requires adding your sensor ID and secret token to the container environment (see .env-example).\n# Contact your F5 sales rep to obtain the ID / secret token.\nf5_data_export: true\n```\n\n2. Add the Sensor ID and Secret Token to the .env file, or otherwise attach it to the Opentelemetry Collector container\nas SENSOR_ID and SENSOR_SECRET_TOKEN (see [.env-example](./.env-example) for example).\n\n3. Run the configuration helper script (see below).\n\n## Run The Configuration Helper\nThe config helper script can be run natively or via docker to merge the default and device\nlevel configs into the final OTEL Collector config from the project root directory as follows:\n\n**Run With Docker**\n```bash\n# Run the configuration generator from the project root directory\n# If `echo $PWD` doesn't give you the current directory on your system,\n# replace the '-v ${PWD}' section with '-v /path/to/your/directory'\n$ docker run --rm -it -w /app -v ${PWD}:/app --entrypoint /app/src/bin/init_entrypoint.sh python:3.12.6-slim-bookworm --generate-config\n```\n\n**Run With System Python**\n```bash\n$ pip install PyYAML==6.0.2\n$ python /app/src/config_helper.py --generate-config\n```\n\nThis will write 2 new files in the services/otel_collector directory:\n\n* `receivers.yaml` - The final list of scraper configs and their settings.\n* `pipelines.yaml` - The final pipeline configs that map receivers to output destinations\n(prometheus, and optionally F5).\n\n## Adding New Devices or Updating Configs\nTo add new devices or update the config after changes to the ast_defaults.yaml or receivers.yaml files,\nre-run the config helper script as shown above and then restart the otel collector container.\n\n## Account Permissions\nThe vast majority of telemetry data can be collected with read-only access to the BigIP. Some\ngranular stats are only available as output to a iControl Rest 'bash' shell command, and\nthese require read-write access.\n\nIf a read-only account is used, the following metrics are unavailable:\n\n```\nf5_virtual_server_profile_client_ssl_connection_count{}\nf5_virtual_server_profile_client_ssl_bytes_out_total{}\nf5_virtual_server_profile_http_responses_total{}\nf5_virtual_server_profile_http_requests_total{}\nf5_virtual_server_profile_client_ssl_records_out_total{}\nf5_plane_cpu_count{}\nf5_virtual_server_profile_client_ssl_insecure_handshake_rejects_total{}\nf5_virtual_server_profile_client_ssl_premature_disconnects_total{}\nf5_virtual_server_profile_client_ssl_renegotiations_total{}\nf5_virtual_server_profile_client_ssl_connection_max{}\nf5_virtual_server_profile_client_ssl_insecure_handshake_accepts_total{}\nf5_virtual_server_profile_client_ssl_bytes_in_total{}\nf5_virtual_server_profile_client_ssl_handshake_count{}\nf5_virtual_server_profile_client_ssl_records_in_total{}\nf5_virtual_server_profile_client_ssl_connection_total{}\nf5_policy_ip_intelligence_feed_list_count{}\nf5_policy_ip_intelligence_info{}\nf5_virtual_server_profile_client_ssl_secure_handshakes_total{}\nf5_policy_ip_intelligence_generation{}\nf5_pool_member_bytes_in_total{}\nf5_pool_member_bytes_out_total{}\nf5_pool_member_connection_count{}\nf5_pool_member_connections_total{}\nf5_pool_member_requests_total{}\nf5_pool_member_session_count{}\nf5_pool_member_packets_in_total{}\nf5_pool_member_packets_out_total{}\nf5_plane_cpu_utilization_5s{}\n```\n\nThis will impact data output in several dashboards/panels (denoted with description fields indicating as such).\n\nYou can disable attempts to collect bash information with `enable_bash_collection: false` at the appropriate level (global or device).\n\n```yaml\nbigip/1:\n  endpoint: https://10.0.0.1\n  enable_bash_collection: false\n  #...\n```\n\n### Configure CA File\nAST expects a valid TLS cert bundle unless `tls.insecure_skip_verify` is\nset to true for each device. In order to mount and use your CA file, you must\nconfigure the docker-compose.yaml file in this directory, and set the `ca_file` parameter to\nthe resulting path. Example:\n\ndocker-compose.yaml:\n```yaml\n  ...\n  otel-collector:\n    ...\n    volumes:\n      - ./services/otel_collector:/etc/otel-collector-config\n      - ./config/ca_bundle.pem:/etc/ssl/ca_bundle.pem\n```\n\nconfig/ast_defaults.yaml (or the tls section of each device in config/bigip_receivers.yaml):\n```yaml\nbigip_receiver_defaults:\n  ...\n  tls:\n    insecure_skip_verify: false\n    ca_file: \"/etc/ssl/ca_bundle.pem\"\n```\n\nThe configuration parameter `tls.insecure_skip_verify` defaults to false. Installers\nwho would like to opt-in to run in an insecure TLS mode must set\n`tls.insecure_skip_verify: true` and understand\nthat the connection between the OTEL collector and the BIG-IP does not have secure\nTLS termination.\n\n### Configure Grafana\nThe Grafana instance can be configured via environment variables using their standard\n[options](https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#override-configuration-with-environment-variables).\n\nThe included .env-example can be copied over and modified to set the initial admin\npassword to a value you select:\n\n```\ncp .env-example .env\n\u003cedit .env with desired admin password and any other variables\u003e\n```\n\n### Run Application Study Tool\nAfter the above configurations have been made, start the tool with:\n\n```shell\n# `docker compose up -d` to start in background mode\ndocker compose up\n```\n\n#### View The Dashboards\nThe default Grafana user/pass is `admin/admin`, and can be accessed at\n`http://\u003chostname\u003e:3000`. If HTTPS is configured, use `https://\u003chostname\u003e:3001`.\n\n\n## Updating AST Versions\nUpdating to a new release of the AST repo can be done with the following general process:\n\n1. Review the release notes for all intermediate versions and check for warnings about\nspecial instructions / breaking changes.\n2. Backup your ast_defaults.yaml and bigip_receivers.yaml files.\n3. Stash changes, update the repo state, and unstash changes as follows:\n```shell\ngit stash\ngit fetch --tags\ngit pull origin main\ngit checkout tags/RELEASE_VERSION #(e.g. tags/v0.9.6)\ngit stash pop\n# \u003cmerge any conflicts with your local changes\u003e\n# \u003cre-run config scripts\u003e\ndocker compose down\n# `docker compose up -d` to start in background mode\ndocker compose up\n```\n## Support\n\nFor support, please open a GitHub issue.  Note, the code in this repository is community supported and is not supported by F5 Networks.  For a complete list of supported projects please reference [SUPPORT.md](SUPPORT.md).\n\n## Community Code of Conduct\n\nPlease refer to the [F5 DevCentral Community Code of Conduct](code_of_conduct.md).\n\n## License\n\n[Apache License 2.0](LICENSE)\n\n## Copyright\n\nCopyright 2014-2025 F5 Networks Inc.\n\n### F5 Networks Contributor License Agreement\n\nBefore you start contributing to any project sponsored by F5 Networks, Inc. (F5) on GitHub, you will need to sign a Contributor License Agreement (CLA).\n\nIf you are signing as an individual, we recommend that you talk to your employer (if applicable) before signing the CLA since some employment agreements may have restrictions on your contributions to other projects.\nOtherwise by submitting a CLA you represent that you are legally entitled to grant the licenses recited therein.\n\nIf your employer has rights to intellectual property that you create, such as your contributions, you represent that you have received permission to make contributions on behalf of that employer, that your employer has waived such rights for your contributions, or that your employer has executed a separate CLA with F5.\n\nIf you are signing on behalf of a company, you represent that you are legally entitled to grant the license recited therein.\nYou represent further that each employee of the entity that submits contributions is authorized to submit such contributions on behalf of the entity pursuant to the CLA.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ff5devcentral%2Fapplication-study-tool","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ff5devcentral%2Fapplication-study-tool","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ff5devcentral%2Fapplication-study-tool/lists"}