All Apps and Add-ons

Blue Coat ProxySG App for Splunk: Can I get data in a local file instead of TCP streaming?

banderson7
Communicator

I already have proxy logs on my forwarder in the form of forwarded syslogs, but the directions in the app say to set up a TCP receiving input. Can I change this to use my local logs instead?

0 Karma
1 Solution

joel_ebrahimi
Explorer

You can import the data anyway that you look, you just want to set the sourcetype too bluecoat:proxysg:. Where anything can be substituted for how you want to identify the log.

So for the customclient the sourcetype is bluecoat:proxysg:customclient , but in your case you could use bluecoat:proxysg:locallog if you wanted to keep track of the origin.

View solution in original post

joel_ebrahimi
Explorer

You can import the data anyway that you look, you just want to set the sourcetype too bluecoat:proxysg:. Where anything can be substituted for how you want to identify the log.

So for the customclient the sourcetype is bluecoat:proxysg:customclient , but in your case you could use bluecoat:proxysg:locallog if you wanted to keep track of the origin.

mreynov_splunk
Splunk Employee
Splunk Employee

You may have to adjust sourcetype naming, but otherwise should not be a problem.
Look in the dashboards of the app for the sourcetype it is expecting and do a [sourcetype] rename in the local/props.conf for the app.

0 Karma
Get Updates on the Splunk Community!

Devesh Logendran, Splunk, and the Singapore Cyber Conquest

At this year’s Splunk University, I had the privilege of chatting with Devesh Logendran, one of the winners in ...

There's No Place Like Chrome and the Splunk Platform

WATCH NOW!Malware. Risky Extensions. Data Exfiltration. End-users are increasingly reliant on browsers to ...

Customer Experience | Join the Customer Advisory Board!

Are you ready to take your Splunk journey to the next level? 🚀 We invite you to join our elite squad ...