Hi,
Has anyone managed to create a custom parser/sourcetype which maps all relevant BlueCoat access log fields into the Common Information Model?
Will this become a feature in an upcoming version of the Splunk for BlueCoat App?
We'd like to "natively" include BlueCoat data into the ES App (and other CIM-aware apps and dashboards).
Best wishes,
Adam
Hi Adam,
Have you tried "TA-bluecoat" (included in ES App)? Works fine with the fields relevant for us. Also try the "App for Webproxies". Excellent piece!
Regards,
Thomas