All Apps and Add-ons

Blue Coat ProxySG App for Splunk: Can I get data in a local file instead of TCP streaming?

banderson7
Communicator

I already have proxy logs on my forwarder in the form of forwarded syslogs, but the directions in the app say to set up a TCP receiving input. Can I change this to use my local logs instead?

0 Karma
1 Solution

joel_ebrahimi
Explorer

You can import the data anyway that you look, you just want to set the sourcetype too bluecoat:proxysg:. Where anything can be substituted for how you want to identify the log.

So for the customclient the sourcetype is bluecoat:proxysg:customclient , but in your case you could use bluecoat:proxysg:locallog if you wanted to keep track of the origin.

View solution in original post

joel_ebrahimi
Explorer

You can import the data anyway that you look, you just want to set the sourcetype too bluecoat:proxysg:. Where anything can be substituted for how you want to identify the log.

So for the customclient the sourcetype is bluecoat:proxysg:customclient , but in your case you could use bluecoat:proxysg:locallog if you wanted to keep track of the origin.

mreynov_splunk
Splunk Employee
Splunk Employee

You may have to adjust sourcetype naming, but otherwise should not be a problem.
Look in the dashboards of the app for the sourcetype it is expecting and do a [sourcetype] rename in the local/props.conf for the app.

0 Karma
Get Updates on the Splunk Community!

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Did you know that for Splunk Enterprise 9.4, Python 3.9 is the default interpreter? This shift is not just a ...