All Apps and Add-ons

How to deploy the Splunk Add-on for Blue Coat ProxySG in an indexer clustering environment?

Contributor

Where should I deploy the Blue Coat Add-on for proxy SG logs? I'm running a Splunk indexer cluster with a couple of indexers, a master, and a search head. I wanted to find out where to install the app for the field extractions. Should this be done on the indexers? What about the add-on for Blue Coat, should this be installed on the search head and available for end users? I'm kind of confused how this should be deployed. Right now, I am pushing proxy logs from the FTP server to both indexers.

0 Karma
1 Solution

Splunk Employee
Splunk Employee

You should install the add-on to your search heads, indexers, and forwarders. The data collection should be done on forwarders rather than on indexers as a best practice. If you happen to use heavy forwarders for your data collection, you do not need to install the add-on to indexers in that case.

Here is the add-on documentation's installation instructions: http://docs.splunk.com/Documentation/AddOns/latest/BlueCoatProxySG/Install

View solution in original post

Splunk Employee
Splunk Employee

You should install the add-on to your search heads, indexers, and forwarders. The data collection should be done on forwarders rather than on indexers as a best practice. If you happen to use heavy forwarders for your data collection, you do not need to install the add-on to indexers in that case.

Here is the add-on documentation's installation instructions: http://docs.splunk.com/Documentation/AddOns/latest/BlueCoatProxySG/Install

View solution in original post