Hello,
I have installed the Blue Coat ProxySG app on my Splunk.
Related to the procedure below:
In Splunk, you will need to add a new TCP Data input. The app expects the source type to be bcoat_log. You may choose something different, but you will need to modify the app as well. To add this input, log into Splunk and click on Manager. Under the Data section, click on "Data inputs". Then click on "Add new" for a TCP input. On this page, you can enter the port number, 20108 for example. You can optionally override the source name as well. Leave "Set sourcetype" as "From list", and choose bcoat_log from the dropdown list. Click on more settings, and set the index for this source to be bcoat_logs.
I configured my BC to send log files to the Splunk server, but the app dashboard does not display any results.
When I search with index=bcoat_logs, I can see log information. And with a search on sourcetype=bcoat_log, I have no results.
Do you have an idea why it does not work?
Thank you in advance.