Solved: Blue Coat ProxySG App for Splunk: Can I get data i...

banderson7 · ‎11-19-2015

I already have proxy logs on my forwarder in the form of forwarded syslogs, but the directions in the app say to set up a TCP receiving input. Can I change this to use my local logs instead?

joel_ebrahimi · ‎11-20-2015

You can import the data anyway that you look, you just want to set the sourcetype too bluecoat:proxysg:. Where anything can be substituted for how you want to identify the log.

So for the customclient the sourcetype is bluecoat:proxysg:customclient , but in your case you could use bluecoat:proxysg:locallog if you wanted to keep track of the origin.

View solution in original post

joel_ebrahimi · ‎11-20-2015

You can import the data anyway that you look, you just want to set the sourcetype too bluecoat:proxysg:. Where anything can be substituted for how you want to identify the log.

So for the customclient the sourcetype is bluecoat:proxysg:customclient , but in your case you could use bluecoat:proxysg:locallog if you wanted to keep track of the origin.

mreynov_splunk · ‎11-19-2015

You may have to adjust sourcetype naming, but otherwise should not be a problem.
Look in the dashboards of the app for the sourcetype it is expecting and do a [sourcetype] rename in the local/props.conf for the app.

Blue Coat ProxySG App for Splunk: Can I get data in a local file instead of TCP streaming?

Devesh Logendran, Splunk, and the Singapore Cyber Conquest

There's No Place Like Chrome and the Splunk Platform

Customer Experience | Join the Customer Advisory Board!