
How to deploy the Splunk Add-on for Blue Coat ProxySG in an indexer clustering environment?

daniel_augustyn
Contributor

Where should I deploy the Blue Coat Add-on for ProxySG logs? I'm running a Splunk indexer cluster with a couple of indexers, a master, and a search head. I wanted to find out where to install the app for the field extractions. Should this be done on the indexers? What about the add-on for Blue Coat, should this be installed on the search head and available for end users? I'm kind of confused about how this should be deployed. Right now, I am pushing proxy logs from the FTP server to both indexers.


rpille_splunk
Splunk Employee

You should install the add-on to your search heads, indexers, and forwarders. The data collection should be done on forwarders rather than on indexers as a best practice. If you happen to use heavy forwarders for your data collection, you do not need to install the add-on to indexers in that case.

Here are the add-on documentation's installation instructions: http://docs.splunk.com/Documentation/AddOns/latest/BlueCoatProxySG/Install
