What add-ons are needed for the Blue Coat apps, and where are these installed in a Search Head and Indexer Clustering environment?

nychawk
Communicator

Hello;

I am encountering issues with the Blue Coat app. It's not my first time deploying this app, and I am considering instead just using this app, or apps; there seem to be many. https://splunkbase.splunk.com/apps/#/page/1/author/joel.ebrahimi/order/latest

My questions are:

Why are there so many different apps, versus just one?

What add-ons/TA's are needed, and where are these installed?

I already have my Bluecoats (SG's right now, soon to be ASG's) sending logs to syslog; I assume the documented sourcetype would work.

Thank you in advance.

0 Karma

joel_ebrahimi
Explorer

Blue Coat has created 1 Technical Add On for getting the data into Splunk and 1 App for dashboards around that data for the latest ProxySG. The TA is using the custom client to receive the data at this time. I've included the documentation here that is available as well on BlueTouch Online in TAP Integrations.

Anyone is free to create apps based on any Blue Coat products, but Blue Coat only supports the ones created by them.

0 Karma

joel_ebrahimi
Explorer

Also just so you are aware, the 3 other Blue Coat apps you created tags for are for 3 other Blue Coat products. There is ProxySG as you are aware but there is also an App for Security Analytics and an App for Malware Analysis.

0 Karma

nychawk
Communicator

Splunk added a BlueCoat add-on late last year, which I assume is compatible with the BC app?

In terms of your own Add-on/TA, can I install that instead of the BC app and Splunk BC add-on?

I like the Bluecoat app, but from what I've read, others have been adding fixes and changes to the searches, but they never seem to make it into a newer release.

Thank you!

0 Karma

joel_ebrahimi
Explorer

The Blue Coat ProxySG TA is compatible with the Blue Coat ProxySG App. The other could probably work, but it may require changing the sourcetype or other items; I do not really know.

0 Karma