All Apps and Add-ons

Splunk for Blue Coat ProxySG: ProxySG logs indexing in the wrong format

tequilalinux
New Member

While getting Proxy SG BlueCoat logs, all events data coming from bluecoat sourcetype look like this:

\xA4\x9Fjv5\xC8(\x904UV{I\x93\xD2R\xD2ߌKSZ\xBDuT\xEF9\xAC\xFD\x93Uo\xA0\x8F{\xA8\xDEF\x81\xE0\xA90\xAE,nq\xE8Un\xFF\xE2\xE4û\xED:\xD3-\x83:\xF0o!

0 Karma

shubham87
Explorer

On proxySG, you need to change log format to text instead of gzip. This should resolve the issue.

,On proxy SG change format to text file instead of gzip. That should resolve the issue

0 Karma

tequilalinux
New Member

Hi Koshyk, the logs are onboarded via syslog, using TCP 1526 port.

0 Karma

koshyk
Super Champion

are you using syslog server to collect the logs or directly into Splunk?

0 Karma

tequilalinux
New Member

Hello Koshyk, the logs are onboarded via syslog using tcp port 1526.

0 Karma
Get Updates on the Splunk Community!

Splunk APM & RUM | Upcoming Planned Maintenance

There will be planned maintenance of the streaming infrastructure for Splunk APM and Splunk RUM in the coming ...

Part 2: Diving Deeper With AIOps

Getting the Most Out of Event Correlation and Alert Storm Detection in Splunk IT Service Intelligence   Watch ...

User Groups | Upcoming Events!

If by chance you weren't already aware, the Splunk Community is host to numerous User Groups, organized ...