All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to deploy the Splunk Add-on for Blue Coat ProxySG in an indexer clustering environment?

daniel_augustyn
Contributor
‎12-15-2015 08:48 PM

Where should I deploy the Blue Coat Add-on for proxy SG logs? I'm running a Splunk indexer cluster with a couple of indexers, a master, and a search head. I wanted to find out where to install the app for the field extractions. Should this be done on the indexers? What about the add-on for Blue Coat, should this be installed on the search head and available for end users? I'm kind of confused how this should be deployed. Right now, I am pushing proxy logs from the FTP server to both indexers.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

rpille_splunk
Splunk Employee
Splunk Employee
‎12-15-2015 09:21 PM

You should install the add-on to your search heads, indexers, and forwarders. The data collection should be done on forwarders rather than on indexers as a best practice. If you happen to use heavy forwarders for your data collection, you do not need to install the add-on to indexers in that case.

Here is the add-on documentation's installation instructions: http://docs.splunk.com/Documentation/AddOns/latest/BlueCoatProxySG/Install

View solution in original post

Reply
Solved! Jump to solution
Solution

rpille_splunk
Splunk Employee
Splunk Employee
‎12-15-2015 09:21 PM

You should install the add-on to your search heads, indexers, and forwarders. The data collection should be done on forwarders rather than on indexers as a best practice. If you happen to use heavy forwarders for your data collection, you do not need to install the add-on to indexers in that case.

Here is the add-on documentation's installation instructions: http://docs.splunk.com/Documentation/AddOns/latest/BlueCoatProxySG/Install

Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...