
Splunk Add-on for Blue Coat ProxySG: Why are field extractions not working? Is there an app with prebuilt reports?

nychawk
Communicator

I am collecting my Blue Coat logs into several syslog servers and sending them into Splunk with universal forwarders on each.

My proxies are running the latest SGOS; I know there is a difference in several V6's.

My etc/local/inputs.conf on my UFs was not working at all when I had sourcetype = bluecoat:proxysg:access:file, so I tried using bluecoat:proxysg:access:syslog, and I immediately began to see data. The problem with my data is that I am not seeing the field extractions I expect to see. Did anyone have to create a local props.conf and/or transforms.conf? If so, can you post them here?

Also, what Splunk app should I use to create some canned reports? Is there one I should use, or one I can alter to make it work with this add-on?

Thank you in advance.

0 Karma

nychawk
Communicator

I should have updated this question to reflect my latest changes; prebuilt panels were already added.

What I am looking for is an app that properly searches my index; the latest version of the Bluecoat app does not seem to work.

Thank you.

0 Karma

dshpritz
SplunkTrust

This exists:

https://splunkbase.splunk.com/app/2624/

That said, it is not specifically for Bluecoat, but is for any CIM-compliant proxy data. It also uses Accelerated Data Models for the reporting, so that is something to be aware of (check the docs).

0 Karma

nychawk
Communicator

Thank you David, I'll give this a go in the next 2-3 weeks; disk space is a commodity at the moment; hoping to get this installed before .conf 😉

Your user report is definitely one report I am looking for.

0 Karma