Enterprise Security: why is sourcetype="bluecoat:p...

danielbb · ‎11-12-2019

The bluecloat sourcetype "bluecoat:proxysg:admin:file" is tagged as error. It's also not listed at Sourcetypes for the Splunk Add-on for Symantec Blue Coat ProxySG

Why is it?

aholzel · ‎11-13-2019

The eventtype "err0r" from the Splunk_SA_CIM is a very broad search.. that is almost a catch all

gjanders · ‎11-12-2019

Do you happen to have the Splunk TA *nix app installed? That has some very open tag=error searches.
You can see this by checking the eventtypes involved where you see tag=error....

Enterprise Security: why is sourcetype="bluecoat:proxysg:admin:file" tagged as error

Best of Community @.conf20
Humans That Splunk: Meet Abhishek...
Humans That Splunk: Meet Guiseppe...

Visit our Community Blog >

Enterprise Security: why is sourcetype="bluecoat:proxysg:admin:file" tagged as error

Best of Community @.conf20 Humans That Splunk: Meet Abhishek... Humans That Splunk: Meet Guiseppe... Visit our Community Blog >

Best of Community @.conf20
Humans That Splunk: Meet Abhishek...
Humans That Splunk: Meet Guiseppe...

Visit our Community Blog >