All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Blue Coat ProxySG App for Splunk: Can I get data in a local file instead of TCP streaming?

banderson7
Communicator
‎11-19-2015 01:08 PM

I already have proxy logs on my forwarder in the form of forwarded syslogs, but the directions in the app say to set up a TCP receiving input. Can I change this to use my local logs instead?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

joel_ebrahimi
Explorer
‎11-20-2015 10:09 AM

You can import the data anyway that you look, you just want to set the sourcetype too bluecoat:proxysg:. Where anything can be substituted for how you want to identify the log.

So for the customclient the sourcetype is bluecoat:proxysg:customclient , but in your case you could use bluecoat:proxysg:locallog if you wanted to keep track of the origin.

View solution in original post

Reply
Solved! Jump to solution
Solution

joel_ebrahimi
Explorer
‎11-20-2015 10:09 AM

You can import the data anyway that you look, you just want to set the sourcetype too bluecoat:proxysg:. Where anything can be substituted for how you want to identify the log.

So for the customclient the sourcetype is bluecoat:proxysg:customclient , but in your case you could use bluecoat:proxysg:locallog if you wanted to keep track of the origin.

Reply
Solved! Jump to solution

mreynov_splunk
Splunk Employee
Splunk Employee
‎11-19-2015 04:14 PM

You may have to adjust sourcetype naming, but otherwise should not be a problem.
Look in the dashboards of the app for the sourcetype it is expecting and do a [sourcetype] rename in the local/props.conf for the app.

0 Karma
Reply
Get Updates on the Splunk Community!

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Did you know that for Splunk Enterprise 9.4, Python 3.9 is the default interpreter? This shift is not just a ...