Splunk Enterprise

Problem parsing bluecoat logs

tdepablo88
Explorer

Hello,

I have an issue with Symantec Bluecoat Proxy SG when i index data to a heavy forwarder. The logs didn't parse correctly and the coverage is less than 5% of the total events, the sourcetype defined is bluecoat:proxysg:access:syslog.

What is the correct format of the log?.

An example of the log received is attached.

Thanks in advance.

Labels (1)
0 Karma
Get Updates on the Splunk Community!

What You Read The Most: Splunk Lantern’s Most Popular Articles!

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

See your relevant APM services, dashboards, and alerts in one place with the updated ...

As a Splunk Observability user, you have a lot of data you have to manage, prioritize, and troubleshoot on a ...

Index This | What goes away as soon as you talk about it?

May 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this month’s ...