Installation

Does Splunk for BlueCoat app work with the free version of splunk ?

kimthostrup
New Member

I do not see anything in my dashboard 😞

/Kim

Tags (1)
0 Karma

hulahoop
Splunk Employee
Splunk Employee

Community Apps are supported by the free license: http://www.splunk.com/view/free-vs-enterprise/SP-CAAAE8W

As araitz suggested, please ensure your Bluecoat data is sourcetyped as bcoat_proxysg. Additionally, you will need to ensure the field extractions match your particular bluecoat log format. This is likely the culprit and the trickiest part to adjust if you are new to Splunk.

If you want, please paste your Bluecoat logging format here and we can help you with the field extraction configuration.

0 Karma

kimthostrup
New Member

All, thanks for your feedback.
@hulahoop . I will try to see if I can make if work, if not I might get back to you, and ask for help 😉

0 Karma

araitz
Splunk Employee
Splunk Employee

Be sure to read the documentation, especially the part that requires the sourcetype for the relevant data to be set to 'bcoat_proxysg'.

BunnyHop
Contributor

The Splunk for Bluecoat app should work on the free version of Splunk, provided you are not going over the maxed index per day limit, which is 500mb. You should be able to download and install the app from splunkbase, but you will be required a valid login, which is also free.

skippylou
Communicator

Its page on splunkbase indicates you need a Splunk license:

http://www.splunkbase.com/apps/All/4.x/App/app:Splunk+for+Blue+Coat

scott

0 Karma

skippylou
Communicator

Interesting, thanks for the tip. Seems confusing that this wording is used: "Free for use with a Splunk license.". Doesn't every splunk release come with at least a free license or am I missing something?

0 Karma

BunnyHop
Contributor

The license they are talking about here can either be the free license or the enterprise license, but either way, the app should work.

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...