All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Bluecoat app search ideas?

eblackburn
Path Finder
‎08-15-2019 10:07 AM

Hello,

I'm relatively new to Splunk and have been looking for ideas on searches I could use in our environment with regards to the Bluecoat add-on.

One scenario I'd be especially interested in is utilizing the transaction command, based on referring URLs, to potentially pinpoint what's causing a certain website not to load properly in a transparent proxy deployment. Does anyone run into this problem and use Splunk to troubleshoot it? I've been doing this so far without using transaction, but know there's a lot of potential there.

Any ideas on this or other scenarios would be appreciated. I'm just wondering how others are using the add-on for troubleshooting or threat hunting, etc. What are some of the use cases you've explored and searches you run frequently?

Thank you!

0 Karma
Reply

Sukisen1981
Champion
‎08-15-2019 11:19 AM

had a look at this? - https://splunkbase.splunk.com/app/2758/#/overview

0 Karma
Reply

eblackburn
Path Finder
‎08-15-2019 11:37 AM

Yep, thank you for the link. We are already installed and configured. I'm just looking for ways others are using it from a searching and reporting standpoint, especially around website troubleshooting. (i.e. this website won't load for a user, so let's apply a particular search to the scenario, similar to how you might use output from Chrome Developer Tools or getting a .har file). I'm already doing that now, but know that there's probably a lot to be gained by using transactions.

0 Karma
Reply
Get Updates on the Splunk Community!

Accelerating Observability as Code with the Splunk AI Assistant

We’ve seen in previous posts what Observability as Code (OaC) is and how it’s now essential for managing ...

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

 Splunk is More Than Just the Web Console For Digital Forensics and Incident Response (DFIR) practitioners, ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...