Community Apps are supported by the free license: http://www.splunk.com/view/free-vs-enterprise/SP-CAAAE8W
As araitz suggested, please ensure your Bluecoat data is sourcetyped as bcoat_proxysg
. Additionally, you will need to ensure the field extractions match your particular bluecoat log format. This is likely the culprit and the trickiest part to adjust if you are new to Splunk.
If you want, please paste your Bluecoat logging format here and we can help you with the field extraction configuration.
All, thanks for your feedback.
@hulahoop . I will try to see if I can make if work, if not I might get back to you, and ask for help 😉
Be sure to read the documentation, especially the part that requires the sourcetype for the relevant data to be set to 'bcoat_proxysg'.
The Splunk for Bluecoat app should work on the free version of Splunk, provided you are not going over the maxed index per day limit, which is 500mb. You should be able to download and install the app from splunkbase, but you will be required a valid login, which is also free.
Its page on splunkbase indicates you need a Splunk license:
http://www.splunkbase.com/apps/All/4.x/App/app:Splunk+for+Blue+Coat
scott
Interesting, thanks for the tip. Seems confusing that this wording is used: "Free for use with a Splunk license.". Doesn't every splunk release come with at least a free license or am I missing something?
The license they are talking about here can either be the free license or the enterprise license, but either way, the app should work.