All Apps and Add-ons

Splunk for Blue Coat ProxySG: ProxySG logs indexing in the wrong format

tequilalinux
New Member

While getting Proxy SG BlueCoat logs, all events data coming from bluecoat sourcetype look like this:

\xA4\x9Fjv5\xC8(\x904UV{I\x93\xD2R\xD2ߌKSZ\xBDuT\xEF9\xAC\xFD\x93Uo\xA0\x8F{\xA8\xDEF\x81\xE0\xA90\xAE,nq\xE8Un\xFF\xE2\xE4û\xED:\xD3-\x83:\xF0o!

0 Karma

shubham87
Explorer

On proxySG, you need to change log format to text instead of gzip. This should resolve the issue.

,On proxy SG change format to text file instead of gzip. That should resolve the issue

0 Karma

tequilalinux
New Member

Hi Koshyk, the logs are onboarded via syslog, using TCP 1526 port.

0 Karma

koshyk
Super Champion

are you using syslog server to collect the logs or directly into Splunk?

0 Karma

tequilalinux
New Member

Hello Koshyk, the logs are onboarded via syslog using tcp port 1526.

0 Karma
Get Updates on the Splunk Community!

Fueling your curiosity with new Splunk ILT and eLearning courses

At Splunk Education, we’re driven by curiosity—both ours and yours! That’s why we’re committed to delivering ...

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Splunk AI Assistant for SPL has transformed how users interact with Splunk, making it easier than ever to ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureOn Demand Now Step boldly into the AI revolution with enhanced security ...