All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Blue Coat ProxySG App for Splunk: Can I get data in a local file instead of TCP streaming?

banderson7
Communicator
‎11-19-2015 01:08 PM

I already have proxy logs on my forwarder in the form of forwarded syslogs, but the directions in the app say to set up a TCP receiving input. Can I change this to use my local logs instead?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

joel_ebrahimi
Explorer
‎11-20-2015 10:09 AM

You can import the data anyway that you look, you just want to set the sourcetype too bluecoat:proxysg:. Where anything can be substituted for how you want to identify the log.

So for the customclient the sourcetype is bluecoat:proxysg:customclient , but in your case you could use bluecoat:proxysg:locallog if you wanted to keep track of the origin.

View solution in original post

Reply
Solved! Jump to solution
Solution

joel_ebrahimi
Explorer
‎11-20-2015 10:09 AM

You can import the data anyway that you look, you just want to set the sourcetype too bluecoat:proxysg:. Where anything can be substituted for how you want to identify the log.

So for the customclient the sourcetype is bluecoat:proxysg:customclient , but in your case you could use bluecoat:proxysg:locallog if you wanted to keep track of the origin.

Reply
Solved! Jump to solution

mreynov_splunk
Splunk Employee
Splunk Employee
‎11-19-2015 04:14 PM

You may have to adjust sourcetype naming, but otherwise should not be a problem.
Look in the dashboards of the app for the sourcetype it is expecting and do a [sourcetype] rename in the local/props.conf for the app.

0 Karma
Reply
Get Updates on the Splunk Community!

OpenTelemetry for Legacy Apps? Yes, You Can!

This article is a follow-up to my previous article posted on the OpenTelemetry Blog, "Your Critical Legacy App ...

UCC Framework: Discover Developer Toolkit for Building Technology Add-ons

The Next-Gen Toolkit for Splunk Technology Add-on Development The Universal Configuration Console (UCC) ...

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...