Installation

Does Splunk for BlueCoat app work with the free version of splunk ?

New Member

I do not see anything in my dashboard 😞

/Kim

Tags (1)
0 Karma

Splunk Employee
Splunk Employee

Community Apps are supported by the free license: http://www.splunk.com/view/free-vs-enterprise/SP-CAAAE8W

As araitz suggested, please ensure your Bluecoat data is sourcetyped as bcoat_proxysg. Additionally, you will need to ensure the field extractions match your particular bluecoat log format. This is likely the culprit and the trickiest part to adjust if you are new to Splunk.

If you want, please paste your Bluecoat logging format here and we can help you with the field extraction configuration.

0 Karma

New Member

All, thanks for your feedback.
@hulahoop . I will try to see if I can make if work, if not I might get back to you, and ask for help 😉

0 Karma

Splunk Employee
Splunk Employee

Be sure to read the documentation, especially the part that requires the sourcetype for the relevant data to be set to 'bcoat_proxysg'.

Contributor

The Splunk for Bluecoat app should work on the free version of Splunk, provided you are not going over the maxed index per day limit, which is 500mb. You should be able to download and install the app from splunkbase, but you will be required a valid login, which is also free.

Communicator

Its page on splunkbase indicates you need a Splunk license:

http://www.splunkbase.com/apps/All/4.x/App/app:Splunk+for+Blue+Coat

scott

0 Karma

Communicator

Interesting, thanks for the tip. Seems confusing that this wording is used: "Free for use with a Splunk license.". Doesn't every splunk release come with at least a free license or am I missing something?

0 Karma

Contributor

The license they are talking about here can either be the free license or the enterprise license, but either way, the app should work.

0 Karma