I'm relatively new to Splunk and have been looking for ideas on searches I could use in our environment with regards to the Bluecoat add-on.
One scenario I'd be especially interested in is utilizing the transaction command, based on referring URLs, to potentially pinpoint what's causing a certain website not to load properly in a transparent proxy deployment. Does anyone run into this problem and use Splunk to troubleshoot it? I've been doing this so far without using transaction, but know there's a lot of potential there.
Any ideas on this or other scenarios would be appreciated. I'm just wondering how others are using the add-on for troubleshooting or threat hunting, etc. What are some of the use cases you've explored and searches you run frequently?
Yep, thank you for the link. We are already installed and configured. I'm just looking for ways others are using it from a searching and reporting standpoint, especially around website troubleshooting. (i.e. this website won't load for a user, so let's apply a particular search to the scenario, similar to how you might use output from Chrome Developer Tools or getting a .har file). I'm already doing that now, but know that there's probably a lot to be gained by using transactions.