Release Notes : BIG-IP Analytics 12.0.0

Applies To:

Show Versions Show Versions

BIG-IP Analytics

  • 12.0.0
Release Notes
Original Publication Date: 05/26/2016 Updated Date: 04/18/2019


This release note documents the version 12.0.0 release of BIG-IP Analytics (AVR). You can apply the software upgrade to systems running software versions 10.1.0 (or later), or 11.x.


Platform support

This version of the software is supported on the following platforms:

Platform name Platform ID
BIG-IP 1600 C102
BIG-IP 3600 C103
BIG-IP 3900 C106
BIG-IP 6900 D104
BIG-IP 8900 D106
BIG-IP 8950 D107
BIG-IP 11050 E102
BIG-IP 2000s, BIG-IP 2200s C112
BIG-IP 4000s, BIG-IP 4200v C113
BIG-IP 5000s, 5050s, 5200v, 5250v C109
BIG-IP 7000s, 7050s, 7055, 7200v, 7250v, 7255 D110
BIG-IP 12250v D111
BIG-IP 10150s-NEBS, 10350v (AC), 10350v-NEBS (requires 12.0.0 HF1) D112
BIG-IP 10000s, 10050s, 10055, 10200v, 10250v, 10255 D113
VIPRION B2100 Blade A109
VIPRION B2150 Blade A113
VIPRION B2250 Blade A112
VIPRION B4200, B4200N Blade A107, A111
VIPRION B4300, B4340N Blade A108, A110
VIPRION C2200 Chassis D114
VIPRION C2400 Chassis F100
VIPRION C4400, C4400N Chassis J100, J101
VIPRION C4480, C4480N Chassis J102, J103
VIPRION C4800, C4800N Chassis S100, S101
Virtual Edition (VE) Z100
vCMP Guest Z101

These platforms support various licensable combinations of product modules. This section provides general guidelines for module support.

Most of the support guidelines relate to memory. The following list applies for all memory levels:

  • vCMP supported platforms
    • VIPRION B2100, B2150, B2250, B4200, B4300, B4340N
    • BIG-IP 5200v, 7200v, 10200v

Memory: 12 GB or more

All licensable module-combinations may be run on platforms with 12 GB or more of memory, and on VE and vCMP guests provisioned with 12 GB or more of memory. Note that this does not mean that all modules may be simultaneously provisioned on all platforms with 12 GB or more of memory. The BIG-IP license for the platform determines which combination of modules are available for provisioning.

Memory: 8 GB

The following guidelines apply to the BIG-IP 2000s, 2200s, 3900, 6900 platforms, to the VIPRION B4100 and B4100N platforms, and to VE guests configured with 8 GB of memory. (A vCMP guest provisioned with 8 GB of memory has less than 8 GB of memory actually available and thus does not fit in this category.)

  • No more than three modules should be provisioned together.
  • On the 2000s and 2200s, Application Acceleration Manager (AAM) can be provisioned with only one other module.
  • In the case of Access Policy Manager (APM) and SWG together, no module other than LTM may be provisioned, and LTM provisioning must be set to None.

Memory: Less than 8 GB and more than 4 GB

The following guidelines apply to platforms, and to VE and vCMP guests provisioned with less than 8 GB and more than 4 GB of memory. (A vCMP guest provisioned with 8 GB of memory has less than 8 GB of memory actually available and thus fits in this category.)

  • No more than three modules (not including AAM) should be provisioned together.
  • Application Acceleration Manager (AAM) cannot be provisioned with any other module; AAM can only be provisioned standalone.
  • Analytics (AVR) counts towards the two module-combination limit (for platforms with less than 6.25 GB of memory).

Memory: 4 GB or less

The following guidelines apply to the BIG-IP 1600 and 3600 platforms, and to VE and vCMP guests provisioned with 4 GB or less of memory.

  • No more than two modules may be configured together.
  • AAM should not be provisioned, except as Dedicated.
  • ASM can be provisioned with this amount of memory, but a sizing exercise should be performed to ensure that it does not hit capacity issues.

vCMP memory provisioning calculations

The amount of memory provisioned to a vCMP guest is calculated using the following formula: (platform_memory- 3 GB) x (cpus_assigned_to_guest/ total_cpus).

As an example, for the B2100 with two guests, provisioned memory calculates as: (16-3) x (2/4) ~= 6.5 GB.

For certain platforms, the vCMP host can allocate a single core to a vCMP guest. However, because a single-core guest has relatively small amounts of CPU resources and allocated memory, F5 supports only the following products or product combinations for a single-core guest:
  • BIG-IP LTM standalone only
  • BIG-IP GTM standalone only
  • BIG-IP LTM and GTM combination only

Configuration utility browser support

The BIG-IP Configuration Utility supports these browsers and versions:

  • Microsoft Internet Explorer 8.x, 11.x
  • Mozilla Firefox 27.x
  • Google Chrome 32.x

BIG-IQ – BIG-IP Compatibility

SOL14592: Compatibility between BIG-IQ and BIG-IP releases provides a summary of version compatibility for specific features between the BIG-IQ system and BIG-IP releases.

User documentation for this release

For a comprehensive list of documentation that is relevant to this release, refer to the BIG-IP Analytics / VE 12.0.0 Documentation page.

New features introduced in 12.0.0

This release includes the following new items.

ASM resources

The system now displays CPU usage of Application Security Manager (ASM) resources, system ASM bypass information, and the system memory usage of ASM resources. To view these statistics, navigate to Statistics > Analytics > ASM Resources .

vCMP reports

While each guest running over vCMP has full or partial visibility for different modules running within it (AVR, ASM, AFM, APM, and so on), in the past, the vCMP host had very limited visibility to different trends regarding resource consumption for each of the guests running within it. In this version, we added the following analytics data:

  • Connection and traffic
  • Hardware Acceleration
  • Memory statistics

We added the following screens to the Statistics > Analytics > vCMP menu: Connection and Traffic, Hardware Acceleration, and Memory.

CGNAT statistics

If you enable CGNAT, you can view active large-scale NAT (LSN) pool statistics in graphical charts on the system. Several charts are available, and they show the following information:

  • Translation endpoints for all active LSN pools.
  • Logging attempts and failures for all LSN pools.
  • Port block allocation (PBA) translations.
  • Port Control Protocol (PCP) requests.

To view these statistics, navigate to Statistics > Analytics > LSN Pools .

Process CPU Utilization statistics

You can now view how much CPU (in percentage) is being used by each process running on your system. To view these statistics, navigate to Statistics > Analytics > Process CPU Utilization .

AVR HTTP reports and DoS Application reports: Show Host name as part of URL by configuration

We enabled the option to display the hostname as part of the URL (for example, some_hostname/index.php). To enable this option, from tmsh, set the database variable Avr.IncludeServerInUri to enable. It is disabled by default (meaning, the hostname is not displayed by default as part of the URL).


modify sys db avr.includeserverinuri value enable

modify sys db avr.includeserverinuri value disable

Exporting reports

You can now export data from the Statistics > Analytics > ASM Resources charts .

Overview screen enhancements

The DoS Overview screen ( Security > Reporting > DoS > Overview ) now displays the total number of attacks, and the number of attacks in progress, according to the following attack severities: high impact attacks, medium impact attacks, and low impact attacks. You can filter which data the system displays on the Overview screen according to DoS types: Application, DNS, SIP, and Network. The attacks table was moved from the DoS Application Attacks screen ( Security > Event Logs > DoS > Application Attacks ) to the DoS Overview screen ( Security > Reporting > DoS > Overview ).

Analytics support for REST API

All Analytics data that is available to users today from the Configuration utility and tmsh commands is also available to query using F5 Network’s REST API. For more information regarding the REST API, read the REST API documentation, at

Reports of PEM subscribers

Analytics now collects and reports information about Policy Enforcement Manager (PEM) subscribers. You can view statistics on the PEM Statistics screen ( Policy Enforcement > Analytics > Statistics ) filtered by subscribers and the subscriber’s name. For more information about PEM, see the PEM documentation on

Installation overview

This document covers very basic steps for installing the software. You can find complete, step-by-step installation and upgrade instructions in BIG-IP Systems: Upgrading Software, and we strongly recommend that you reference the information to ensure successful completion of the installation process.

Installation checklist

Before you begin:

  • Use BIG-IP iHealth to verify your configuration file. For more information, see SOL12878: Generating BIG-IP diagnostic data using the qkview utility.
  • Update/reactivate your system license, if needed, to ensure that you have a valid service check date.
  • Ensure that your system is running version 10.1.0 or later and is using the volumes formatting scheme.
  • Download the .iso file (if needed) from F5 Downloads to /shared/images on the source for the operation. (If you need to create this directory, use the exact name /shared/images.)
  • Configure a management port.
  • Set the console and system baud rate to 19200, if it is not already.
  • Log on as an administrator using the management port of the system you want to upgrade.
  • Boot into an installation location other than the target for the installation.
  • Save the user configuration set (UCS) in the /var/local/ucs directory on the source installation location, and copy the UCS file to a safe place on another device.
  • Log on to the standby unit, and only upgrade the active unit after the standby upgrade is satisfactory.
  • Turn off mirroring.
  • If you are running Application Acceleration Manager, set provisioning to Minimum.
  • If you are running Policy Enforcement Manager, set provisioning to Nominal.
  • If you are running Advanced Firewall Manager, set provisioning to Nominal.

Installing the software

You can install the software at the command line using the Traffic Management shell, tmsh, or in the browser-based Configuration utility using the Software Management screens, available in the System menu. Choose the installation method that best suits your environment.
Installation method Command
Install to existing volume, migrate source configuration to destination tmsh install sys software image [image name] volume [volume name]
Install from the browser-based Configuration utility Use the Software Management screens in a web browser.

Sample installation command

The following command installs version 11.2.0 to volume 3 of the main hard drive.

tmsh install sys software image BIGIP- volume HD1.3

Post-installation tasks

This document covers very basic steps for installing the software. You can find complete, step-by-step installation and upgrade instructions in BIG-IP Systems: Upgrading Software, and we strongly recommend that you reference the information to ensure successful completion of the installation process.

After the installation finishes, you must complete the following steps before the system can pass traffic.
  1. Ensure the system rebooted to the new installation location.
  2. Use BIG-IP iHealth to verify your configuration file. For more information, see SOL12878: Generating BIG-IP diagnostic data using the qkview utility.
  3. Log on to the browser-based Configuration utility.
  4. Run the Setup utility.
  5. Provision the modules.
  6. Convert any bigpipe scripts to tmsh. (Version 11.x does not support the bigpipe utility.)
Note: You can find information about running the Setup utility and provisioning the modules in the BIG-IP TMOS implementations Creating an Active-Standby Configuration Using the Setup Utility and Creating an Active-Active Configuration Using the Setup Utility.

Installation tips

  • The upgrade process installs the software on the inactive installation location that you specify. This process usually takes between three minutes and seven minutes. During the upgrade process, you see messages posted on the screen. For example, you might see a prompt asking whether to upgrade the End User Diagnostics (EUD), depending on the version you have installed. To upgrade the EUD, type yes, otherwise, type no.
  • You can check the status of an active installation operation by running the command watch tmsh show sys software, which runs the show sys software command every two seconds. Pressing Ctrl + C stops the watch feature.
  • If installation fails, you can view the log file. The system stores the installation log file as /var/log/liveinstall.log.

Upgrading from earlier versions

Your upgrade process differs depending on the version of software you are currently running.

Warning: Do not use the 10.x installation methods (the Software Management screens, the b software or tmsh sys software commands, or the image2disk utility) to install/downgrade to 9.x software or operate on partitions. Depending on the operations you perform, doing so might render the system unusable. If you need to downgrade from version 10.x to version 9.x, use the image2disk utility to format the system for partitions, and then use a version 9.x installation method described in the version 9.x release notes to install the version 9.x software.

Upgrading from version 10.1.0 (or later) or 11.x

When you upgrade from version 10.1.0 (or later) or 11.x software, you use the Software Management screens in the Configuration utility to complete these steps. To open the Software Management screens, in the navigation pane of the Configuration utility, expand System, and click Software Management. For information about using the Software Management screens, see the online help.

Upgrading from versions earlier than 10.1.0

You cannot roll forward a configuration directly to this version from BIG-IP version 4.x, or from BIG-IP versions 9.0.x through 9.6.x. You must be running version 10.1.0 software. For details about upgrading to those versions, see the release notes for the associated release.

Automatic firmware upgrades

If this version includes new firmware for your specific hardware platform, after you install and activate this version, the system might reboot additional times to perform all necessary firmware upgrades.

Upgrading earlier configurations

When you upgrade from an earlier versions of the software, you might need to know about or take care of these configuration-specific issues.

ID Number Description
ID 223704 When you import a single configuration file (SCF file) that contain VLANs of the same name that exist in different administrative partitions, the operation fails with a unknown operation error. Upgrading configurations with VLANs of the same name in different administrative partitions. Upgrade operation fails with a unknown operation error. Workaround: Before installing an SCF file, run the tmsh load sys config default command. This returns the system to the default configuration, so subsequent configuration import operations should succeed as expected.
ID 401828 The following configurations are invalid for a SIP virtual server: a) TCP virtual server with a UDP profile and a SIP profile. b) UDP virtual server with a TCP profile and a SIP profile. TCP virtual server with a UDP profile and a SIP profile, or a UDP virtual server with a TCP profile and a SIP profile. If such a configuration exists in previous versions, it loads in 11.3.x but may cause a core. Workaround: "Fix the configuration manually, as follows: a) A SIP TCP virtual server must have TCP as one of its profile type. b) A SIP UDP virtual server must have UDP as one of its profile type."
ID 415961 Unused HTTP Class profiles are not rolled forward during upgrade or UCS restore. If you have defined HTTP Class profiles but have not assigned them to virtual servers, the system does not bring forward those profiles into the new configuration when you upgrade. No Policy is created from the HTTP Class profile and the profile does not appear in the new configuration. This occurs when upgrading a pre-v11.4.0 configuration with a HTTP Class profile not attached to a virtual server. You might lose unused HTTP Class profiles in the configuration. Workaround: Attach all HTTP Class profiles to a virtual server before upgrade or save of a UCS.
ID 434364 "When upgrading from 10.x or installing a 10.x originated UCS on 11.x, bigpipe is used to parse the newly created file-object definitions which had been generated from files in the 10.x install. If the filename being upgraded to file-object starts with a '.', then on initial load, bigpipe will give an error while trying to load the generated configuration, resulting in an error message similar to: BIGpipe parsing error (/config/bigpipe/bigip.conf Line 107): 012e0017:3: The requested item (.myfile.txt {) is invalid (external_monitor_file_object_key | show | list | help) for 'external monitor file object'" The installation of a UCS or configuration roll-forward from 10.x to 11.x in which the previous install had files that were upgraded to file-objects, but whose filename started with a '.' The UCS will not install properly, and/or the configuration on initial boot will not load. Workaround: Edit the name of the file-object in question which would be found in /config/bigpipe/bigip.conf to remove the leading '.' character from the object name, and make any references to the file-object match that change.
ID 435332 If there are users defined on a version 10.2.1 BIG-IP system to have administrator or resource-admin roles, and they have partition access to a single partition, these user config objects fail to load during an upgrade to version 11.x. "Here is a sample user config from 10.2.1: user v-abban { password crypt '$1$UIPmGYdY$yewCx.a2qNDauz/UB1Jbp/' description 'v-abban' group 500 home '/home/v-abban' shell '/bin/false' role administrator in Common }" Upgrade or load UCS fails with the following error: 01070821:3: User Restriction Error: The administrator, resource administrator, auditor and web application security administrator roles may not be restricted to a single partition. Workaround: Prior to upgrade, edit the bigip_sys.conf to have the role line as follows: ... role administrator in [All] }
ID 435482 In versions prior to 11.4.0, the UCS does not save files containing spaces in the names. That means that any files that had spaces in the name would not be written to the UCS file and the UCS save would appear to succeed. When a UCS file which was saved in this manner is subsequently applied to 11.4.0 or greater, the configuration load will fail because the referenced file(s) (with spaces in their names) are not present in the UCS. "1. The UCS being applied was saved in a release prior to 11.4.0. 2. The configuration contained config objects with spaces in their names. 3. The UCS is being applied to 11.4.0 or greater." After upgrading into the newer release, the initial config load will fail. Alternatively, manually loading any UCS saved in this manner will result in a similar configuration load failure. Workaround: Boot back to the previous version and rename all the files in question so they don't have spaces in their names. Save the UCS again, and upgrade.
ID 436075 Using syslog include field when the command 'syslog-ng -s' does not succeed before the upgrade. Using syslog include field. It is possible to roll forward an include field with invalid syntax. This will cause the configuration to fail to load. Workaround: When using the syslog include field, ensure that the command 'syslog-ng -s' succeeds before the upgrade.
ID 436212 "If a copper SFP module is installed and a configuration is loaded which sets that module's speed and duplex, this configuration might fail to load. The /var/log/ltm file shows an error similar to the following and the config fails to load. 01070318:3: The requested media for interface 1.1 is invalid." "The system being upgraded needs to have a copper SFP module installed in order to encounter this issue. There are two ways to arrive at this state: when upgrading and at runtime. This runtime error and its workaround is covered in SOL14556, available at When applying a UCS from a previous version of TMOS, this condition can also be triggered." The upgrade fails after booting into TMOS for the first time. Workaround: "To work around this issue, edit /config/bigip_base.conf so that the lines specifying the 'media-sfp' setting are set to 'auto', similar to the following example. Once all interfaces using a non-auto setting are changed, the configuration should load. net interface 1.1 { media-sfp auto }"
ID 436825 Under certain conditions, nodes (or any other object with an IP address) in a partition that belong to route domain 0 will be treated as part of the default route domain for the partition after an upgrade. "All of these conditions must be true: - A system is being upgraded from any TMOS v10.x release to any TMOS v11.x release after 11.1. Upgrading to 11.0 or 11.1 is not affected, but the upgrade process resets the partition's default-route-domain setting to 0. - It has a partition that has its default route domain set to a nonzero route domain - That partition contains nodes with no route domain set (so the default is used) - That partition contains other nodes in route domain 0" Those objects may no longer be addressable or able to connect. Workaround: "Set the partition's default route domain ID to 0 before upgrading, then set it back to its previous value after the upgrade. This field is only used by the GUI and shell, so temporarily changing it to 0 will have no effect on the dataplane."
ID 448409 The command 'load sys config verify' causes loss of sync configuration and initiates a provisioning cycle. The 'verify' option on the 'load sys config' command is designed to ensure that a configuration (either from a file or pasted to the terminal) is valid, but not have it take effect. This affects the ConfigSync communication channel if configured. The ConfigSync connection, including the connections to other devices, might be lost. In addition, provisioning might be impacted. Workaround: You can avoid this issue by using the 'load sys config verify' command 'merge' option, which keeps the current configuration during the validation step. Once affected by this issue, the workaround is to re-load the full configuration using the command: tmsh load sys config partitions all.
ID 449617 If a configuration file includes a passphrase for an ssl-key file object, the object may fail to validate when loading the configuration. Passphrase present in ssl-key file object Configuration fails to load Workaround: Remove passphrase line from the file object.
ID 450050 "Following upgrade from 10.x to 11.x, the config file fails to load. An error similar to the following is logged: ""load_config_files: ""/usr/libexec/bigpipe load"" - failed. -- BIGpipe parsing error (/config/bigpipe/bigip.conf Line xxxx): 012e0020:3: The requested item (respondasm {) is invalid (<profile arg> | show | list | edit | delete | stats reset) for 'profile'.""" "- Upgrading from 10.x to 11.x - respondclass configuration directives were introduced into the customer's /config/bigip.conf profile respondclass XXXX { ... }" Configuration fails to load. Workaround: It is safe in version 11.0 onwards to manually delete a "profile respondclass XXXX {" block.
ID 488417 Cannot load config after upgrade if the admin account is disabled and replaced with a custom user. The system posts the message: 01070829:5: Input error: can't create user, role partition mapping, user does not exist, username, Unexpected Error: Loading configuration process failed. This occurs when upgrading a system on which the root admin account is disabled and replaced with a custom admin user account. You cannot upgrade if the root admin account is disabled. Workaround: Switch back to the volume where you disabled the root admin account, and load the configuration from there. You can then disable root access and create a custom admin user account.
ID 489015 An LTM request-log profile that references a non-existent pool can pass validation in 11.1, but fails beyond 11.2 with an error similar to "The requested Pool (/Common/poolname) was not found." This can cause a load failure when rolling forward the configuration. An invalid request-log profile referencing a non-existent pool, upgrading from 11.1. Failure to load config post-upgrade. Workaround: Correct the request-log profile in the config either prior to upgrade or by editing the config after.
ID 490139 Loading iRules from the iRules file deletes last few comment lines immediately preceding the closing bracket. This occurs when loading an iRule file from versions prior to 11.5.1. Although the comments are removed, this does not affect iRule functionality. Workaround: Put comments in places other than immediately above the closing bracket.
ID 496663 iRule object in non-Common partition referenced from another partition results in upgrade/configuration load failure in 11.x. This occurs when upgrading/loading a configuration containing an iRule in one non-Common partition that references an object in another non-Common partition. A configuration of this type can be saved only using pre-11.x versions of the software. The config upgrade fails, and the UCS/configuration files cannot be loaded. The system posts an error message similar to the following: 'myucs.ucs' failed with the following error message: 'Rule [/UNCOMMONPARTITION/RULEABC] error: Unable to find rule_object (...) referenced at line xyz: [element]'. Workaround: None.
ID 513239 The configuration might fail to load upon upgrade from 10.x to 11.x if the configured SSL profile cache-size value exceeds the maximum supported value on 11.x. SSL profile exists with cache-size greater than 262144 (if upgrading to version 11.0.0 though version 11.4.1) or greater than 4194304 (if upgrading to version 11.5.0 and later). Upgrade from version 10.x to version 11.x fails. The system posts an version-specific error: -- If upgrading to version 11.0.0 through version 11.4.1: 01071313:3: The requested cache size value (4294967295) is out of range for client SSL profile (/Common/my_large_cache); should be in range from 0 to 262144. -- If upgrading to version 11.5.0 and later: 01071313:3: The requested cache size value (4294967295) is out of range for client SSL profile (/Common/my_large_cache); should be in range from 0 to 4194304. Workaround: Prior to upgrade, change the version 10.x cache-size to a value that is supported on the upgraded version. On versions 11.0.0 through 11.4.1, the supported range is from 0 to 262144; on version 11.5.0 and later, the supported range is from 0 to 4194304.
ID 513501 "When upgrading from a version prior to 11.5 to 11.5 or newer, the configuration may fail to load with and error similar to: ""LSN pool is configured with a prefix address that overlaps with a prefix address on another LSN pool"" If the configuration contains an overlapping DNAT and NAPT lsn pool." "On versions prior to 11.5, tmsh would allow users to configure overlapping DNAT and NAPT pools despite this configuration being invalid and non functional. Fixes to the validation were added in 11.5. However when upgrading from previous versions, if a configuration contains overlapping DNAT and NAPT pools it will fail to load the configuration on versions newer than 11.5." Configuration will fail to load on upgrade. Workaround: Edit bigip.conf and find the overlapping LSN pools. Either remove one of the pools or change the mode on the DNAT pool to NAPT.
ID 523797 The upgrade script failed to update the file path name for snmp.process_name, causing a validation error. Workaround: Edit the process name path to reflect the location.
ID 528881 When upgrading to an affected version, if a NAT has a name with spaces in it, the upgraded configuration does not load. The BIG-IP system must be configured with NATs that have spaces in their names. The configuration does not load on the upgraded system. Workaround: Remove spaces in NAT names before upgrading. Specifically: the initial letter must be a letter, underscore ( _ ), or forward slash ( / ), and subsequent characters may be letters, numbers, periods ( . ), hyphens ( - ), underscores ( _ ), or forward slashes ( / ).
ID 530011 Upgrading from 10.2.x to 11.x and see that iRule causes error when iRule event triggered: CLIENT_ACCEPTED - Illegal argument. TCP::option get on profile without tcp option setting (line 1) invoked from within 'TCP::option get 8'. Using rules.tcpoption.settings set specifying tcp option to collect. iRules that use TCP::option and depend on rules.tcpoption.settings do not work as expected when upgrading from 10.2.x to 11.x. Workaround: Configure TCP profile after upgrade that collects appropriate tcp option for iRule: create ltm profile tcp profile_name tcp-options "{8 last}".
ID 532559 If the client-ssl profile is /Common/clientssl, its parent profile is itself. But the configuration uses 'defaults-from none'. Add 'defaults-from none' under client-ssl profile '/Common/clientssl'. The upgrade fails. This occurs because the script extracts the line 'defaults-from none' and treats 'none' is its parent profile. Workaround: None.

Changing the resource provisioning level of the Analytics Module

After upgrading or installing a new version, before you can use the Analytics Module, you must set the Analytics Module resource provisioning level to Nominal. You can do this from the command line, or using the Configuration utility.

Important: Wait 5 minutes after you set the resource provisioning level before making any configuration changes to the Analytics Module. The system overrides all configuration changes that are made before this process is completed. When the process is not completed, the system informs you by displaying, in the Configuration utility, this message: AVR is not ready. The system informs you when the process is completed by indicating in the log (/var/log/avr) the following message: AVR started successfully.

Setting the Analytics Module resource provisioning level to Nominal from the command line

You can set the Analytics Module resource provisioning level to Nominal from the command line.
  1. Open the command-line interface utility.
  2. Type the command: tmsh modify sys provision avr level nominal .
  3. Type the command: tmsh save sys config.
The screen refreshes, and the resource provisioning level of the Analytics Module is set to Nominal.

Setting the Analytics Module resource provisioning level to Nominal using the Configuration utility

You can set the Analytics Module resource provisioning level to Nominal using the Configuration utility.
  1. On the Main tab, click System > Resource Provisioning . The Resource Provisioning screen opens.
  2. Set the Application Visibility and Reporting (AVR) option to Nominal.
  3. Click Submit.
The screen refreshes, and the resource provisioning level of the Analytics Module is set to Nominal.

Fixes in 12.0.0

This release includes the following fixes.

ID Number Description
428162 AVR reporting now correctly displays VLAN Group names.
446272 The network DoS analytics report is no longer empty while the network DoS log has attack entries.
461234 If the system processes HTTP requests with malformed XFF, and the security policy's Accept XFF/Trust XFF Header option is enabled, the system now correctly identifies the real IP addresses that sent this traffic, and they are no longer shown as "::".
467802 If MySQL is down, monpd will go down without causing a core dump.
467945 We fixed an issue where the system had duplicated data, leading to display of the following warning message in the AVR monpd log: Some rows of load_stat_asm_http_ip_xxxxxxxxxx.x not loaded (xxxxx rows affected).
470559-1 We fixed a rare condition where TMM crashed due to traffic stress with rapid changes made to Traffic capturing profiles.
471289 If both ASM and Analytics are provisioned, and you have created an Analytics profile, you can use the tmsh command show analytics report view-by dosl7-profile to view analytics results even if a DoS profile is not configured for, and attached to, a virtual server.
472117 REST API: Now you can modify a scheduled-report type, and it will automatically reset the other type's attribute (predefinedReportName or multiLeveledReport).
472782 When a user configures a new filter on the Security > Event Logs > Application > Requests screen using the Violation Rating field (for example, Violation Rating: At least 3), that filter now also works correctly on the Security > Reporting > Application > Charts screen.
472969 The maximum number of AVR profiles in the system is 264. If you try to create more than 264 AVR profiles, MCP now generates the following message: Can't generate more than 264 AVR profiles, and the system will not create the profiles.
474251 IP addresses are now properly cleaned from lookup tables, making room so new IP addresses can be collected.
474465 Average system CPU and busiest CPU calculation is now based on the critical data plane processing.
474613 Configuration upgrade from versions 11.2, 11.1 or 11.0 now succeeds and works correctly even when two analytics profiles on different partitions are configured with the same remote login server IP address.
474814 Advanced Filters on ASM Charts pages on custom reports are now saved when upgrading to a newer version.
475439, 500457 We fixed a synchronization problem in AVR lookups that sometimes caused TMM and other daemons, such as the Enforcer, to crash.
478346 We fixed an issue that sometimes caused the system to collect incorrect AVR statistics.
480350 We fixed an issue that intermittently caused TMM to crash when APM and AVR are provisioned together.
481541 Previously, a memory leak in the monpd daemon occurred in some situations. It no longer occurs.
488713 AVRD now handles an unhandled exception when using the Thrift server.
489682 If an ASM predefined report was created in a previous version and the system was updated, it could have caused the configuration upgrade to fail. This failure no longer occurs.
496560 We fixed an issue that intermittently caused TMM to crash when APM and AVR are provisioned together. This fix is additional to the one provided in ID 480350.
496624 This fix supports ID 496560 for the better handling of ingress events.
497376 The desired XFF header is taken as the one that represents the HTTP request IP address.
499287 When the global Security Policy is selected on the Security > Overview > Application > Traffic screen, exporting the page (either to a PDF or to e-mail) now works correctly.
499315 Added functionality to collect the full URL (with host name) to AVR statistics.
503471 We fixed a memory leak.
504414 We added these previously missing fields to the external report: DosL7ProfileName, TransactionOutcome, and DosL7AttackID.
508544 AVR injects CSPM JavaScript only when the payload contains an HTML tag. This is the correct behavior.
518663 If page-load-time is enabled in the AVR profile, and the response is small enough to not be chunked, AVR will promise to the client a CSPM injection in the response by adding to the Content-length header. If no <html> tag is found in the response, the system now injects empty spaces to fill in the missing bytes in order to prevent the client from timing out.
531526 Aggregated activity is now reported even when there are many entities to report and some are aggregated.

Known issues

The following items are known issues in the current release.

ID Number Description
344054 The system calculates statistics in the graphs differently than in the table. In the graphs, the system displays a snapshot of statistics recorded at a specific point in time, every five minutes. In the table, the system displays a cumulative number of statistics recorded.
344763 It may take a few minutes for graphs to display changes made to the Analytics configuration.
346255 Analytics does not collect page load time statistics for gzipped (compressed) responses.
351257 Health monitor requests for Global Traffic Manager (GTM) pools or servers are shown in Analytics statistics. (Note that GTM is BIG-IP DNS as of version 12.0.)
368119 AVR+APM: If an Analytics profile is assigned to a virtual server and an Access Profile is assigned to same virtual server, then statistics for pool members are not displayed for page load time.
372174 After changing the sampling ratio, you must restart the MD service by running the command: bigstart restart md.
379479 For chunked responses, the system reports the average HTTP response size in the Configuration utility and database as at least 25 bytes less than its actual size. This is because the system does not report the header "Transfer-Encoding:chunked" and the numbers that indicate the chunked size.
396068 Sometimes when you drill down on the Statistics > Analytics screen, the system displays the following error message: Cannot drilldown into entity: %s .
396131 Although the system permits you to select options from the filter to view statistics by a client IP address and then drill down to view statistics for a custom domain-name ("query name"), you should not. This filter combination is invalid and does not produce results.
397064 If you stop and restart a "bigstart" daemon (for example, if you run the command bigstart restart mysql) afterward, you must also run the command bigstart start to restart dependent daemons.
402353 AVR concurrent session statistics available in iRules are not reset to zero when the traffic is completely stopped. So a later event that triggers iRules and checks for the concurrent number of active sessions does not acquire a value of zero. Instead, it acquires the number of active sessions for some time in the past when there was traffic activity.
404106 When sending HTTP traffic through a virtual server configured with AVR and Response-Adapt profiles, and the ICAP server modifies the response, AVR does not report any activity for the virtual server.
407631 There may be situations where the system's DOS mechanism detects a DoS attack, but the RAM-cache handles the attacking transactions instead of the module. In these cases, while the system detects the attack, the system does not report the attack unless AVR is also assigned to the virtual server.
414273 The results of a user-created filter on the Event Logs > Application > Requests screen may appear differently when using the same filter on the Reporting > Application > Charts screen.
415883 On rare occasions, provisioning changes that involve the AVR, ASM or AFM modules can cause TMM to continuously restart after the machine is reactivated. A reboot to the machine solves the problem (by running the command "reboot").
419676 When you define an alert on an Analytics profile that is assigned to multiple virtual servers, and that alert is defined for any maximum TPS, latency or throughput on an application or pool member, that alert will not be notified, and the LTM log (/var/log/ltm) will show an error message: could not find id or measure field in report ....
441578 If you use an iRule to disable AVR from collecting statistics for a specific URL, that URL does not receive Application Security DoS protection even if Application Security DoS protection is enabled on the virtual server.
455027 Application-level DoS reporting: If traffic runs through a virtual server that is not assigned to DoS profile, it is published as Aggregated instead of using a more descriptive value, as "Unknown" or "N/A".
472291 If AVR is provisioned, and statistics are produced while traffic is running through a virtual server assigned to an Analytics profile, the Configuration utility does not automatically log out after the logout period (configured in the Idle Time Before Automatic Logout setting in the System > Preferences screen) when any Analytics screen under the Statistics menu is opened.

Contacting F5 Networks

Phone: (206) 272-6888
Fax: (206) 272-6802

For additional information, please visit

Additional resources

You can find additional support resources and technical documentation through a variety of sources.

F5 Networks Technical Support

Free self-service tools give you 24x7 access to a wealth of knowledge and technical support. Whether it is providing quick answers to questions, training your staff, or handling entire implementations from design to deployment, F5 services teams are ready to ensure that you get the most from your F5 technology.


AskF5 is your storehouse for thousands of solutions to help you manage your F5 products more effectively. Whether you want to search the knowledge base periodically to research a solution, or you need the most recent news about your F5 products, AskF5 is your source.

F5 DevCentral

The F5 DevCentral community helps you get more from F5 products and technologies. You can connect with user groups, learn about the latest F5 tools, and discuss F5 products and technology.

AskF5 TechNews

Weekly HTML TechNews
The weekly TechNews HTML email includes timely information about known issues, product releases, hotfix releases, updated and new solutions, and new feature notices. To subscribe, click TechNews Subscription, complete the required fields, and click the Subscribe button. You will receive a confirmation. Unsubscribe at any time by clicking the Unsubscribe link at the bottom of the TechNews email.
Periodic plain text TechNews
F5 Networks sends a timely TechNews email any time a product or hotfix is released. (This information is always included in the next weekly HTML TechNews email.) To subscribe, send a blank email to from the email address you are using to subscribe. Unsubscribe by sending a blank email to

Legal notices