I installed the Splunk Add-on for Blue Coat ProxySG and am missing something. It displays "page not found" when I try to launch the app.
URL goes to: server:port/en-US/app/Splunk_TA_bluecoat-proxysg/setup
404 Not Found
Return to Splunk home page
Page not found!
View more information about your request (request ID = ) in Search
I tried this from the search heads and the indexers all with the same results. I upgraded from 3.4.1 to 3.4.2 and no difference.
gdavid, this is not an app, it is an add-on. The function of this add-on is to help you get your data in and provide some knowledge management for it. This add-on is not meant to be visible as there is no UI and no custom setup configuration screens. Please turn visibility back off, as there is nothing to "launch". That is the cause of all your confusion. You can still use the prebuilt panels with the visibility turned off, as those are just objects that you can add to any of your existing dashboards. Here is some quick info about that: http://docs.splunk.com/Documentation/AddOns/latest/Overview/Prebuiltpanels
Were you not able to find the documentation instructions? The high level steps are here: http://docs.splunk.com/Documentation/AddOns/latest/BlueCoatProxySG/Installationoverview
As those instructions indicate, you should configure a monitor input or a syslog input, depending on how you configured your logging in your Blue Coat ProxySG appliance. After that, you should be all set.
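An added example (not from this thread and not part of the add-on): a read-only check of an add-on directory that reports the effective visibility setting, whether a setup.xml exists, and which prebuilt panels it ships. The `is_visible` key under `[ui]` in app.conf, the default/local layering and the `data/ui/panels` location are standard Splunk app layout; the sample tree and the panel file name are constructed.

```python
import configparser
import tempfile
from pathlib import Path


def read_app_conf(app_dir):
    """Merge default/app.conf and local/app.conf; local settings win."""
    conf = configparser.ConfigParser(strict=False, interpolation=None)
    for layer in ("default", "local"):  # later layer overrides earlier
        path = Path(app_dir) / layer / "app.conf"
        if path.is_file():
            conf.read(path, encoding="utf-8")
    return conf


def _flag(conf, stanza, key):
    """Return a setting as True/False, or None when it is not set."""
    if not conf.has_option(stanza, key):
        return None
    return conf.get(stanza, key).strip().lower() in ("1", "true", "yes", "t", "y")


def inspect_addon(app_dir):
    """Summarise what the add-on exposes to Splunk Web."""
    app_dir = Path(app_dir)
    conf = read_app_conf(app_dir)
    panels = sorted(p.name for p in (app_dir / "default/data/ui/panels").glob("*.xml"))
    return {
        "is_visible": _flag(conf, "ui", "is_visible"),
        "has_setup_xml": any((app_dir / layer / "setup.xml").is_file()
                             for layer in ("default", "local")),
        "prebuilt_panels": panels,
    }


def build_sample(root):
    """Constructed sample tree: visibility switched on locally, no setup.xml."""
    app = Path(root) / "Splunk_TA_bluecoat-proxysg"
    (app / "default/data/ui/panels").mkdir(parents=True)
    (app / "local").mkdir()
    (app / "default/app.conf").write_text("[ui]\nis_visible = false\n")
    (app / "local/app.conf").write_text("[ui]\nis_visible = true\n")
    (app / "default/data/ui/panels/sample_panel.xml").write_text("<panel/>")
    return app


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(inspect_addon(build_sample(tmp)))
```

A result with `is_visible` true and `has_setup_xml` false matches the situation in this thread: the add-on was made visible but has no setup page to open.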
ah the good ole prebuilt panels functionality... duh!
@jkat - (pressed the like button)
rpille_splunk - thanks for the info, that's where the confusion was.
distributed but not clustered environment.
two search heads (not clustered), two indexers (load balanced/not clustered)
Wow the installation instructions for this leave something to be desired.
Did you install on everything?
"In a distributed deployment, install the Splunk Add-on for Blue Coat ProxySG to your search heads, indexers, and forwarders."
Installed on all servers. Confirmed they are all 3.4.2.
I don't understand why it's going to /setup. From what I can tell in the development guide, this is for configuration and requires a setup.xml file, which I don't see in the app at all.
Does the Splunk Add-on for Blue Coat ProxySG have a UI? or does it require a different app for the interface?
I see the app has a UI folder with XML dashboards, but it also installed with visible = false as a default.
Seems like maybe the developers left some file out, as you've already alluded to. What if you download an earlier version and see if you can find that setup.xml file? From what your error is giving, you need that file.
I found the prebuilt panels:
I dropped them into a view and called it home. Now if I manually go to
server:port/en-US/app/Splunk_TA_bluecoat-proxysg/home it semi-works. There are a lot of pre-reqs here to get the geolocation etc. to work. This is either not the right front end or this app just sucks.
<dashboard>
  <label>Splunk Bluecoat</label>
  <description>Splunk bluecoat overview</description>
  <row>
    <panel>
      <!-- Map of destination locations, counted by proxy action -->
      <map>
        <search>
          <query>sourcetype="bluecoat:proxysg:access*" | iplocation dest | geostats count by action</query>
          <earliest>-7d</earliest>
          <latest>now</latest>
        </search>
        <option name="mapping.data.maxClusters">100</option>
        <option name="mapping.drilldown">all</option>
        <option name="mapping.map.center">(0,0)</option>
        <option name="mapping.map.zoom">2</option>
        <option name="mapping.markerLayer.markerMaxSize">50</option>
        <option name="mapping.markerLayer.markerMinSize">10</option>
        <option name="mapping.markerLayer.markerOpacity">0.8</option>
        <option name="mapping.tileLayer.maxZoom">7</option>
        <option name="mapping.tileLayer.minZoom">0</option>
        <option name="drilldown">all</option>
      </map>
    </panel>
    <panel>
      <!-- Map of source locations, counted by proxy action -->
      <map>
        <search>
          <query>sourcetype="bluecoat:proxysg:access*" | iplocation src | geostats count by action</query>
          <earliest>-7d</earliest>
          <latest>now</latest>
        </search>
        <option name="mapping.data.maxClusters">100</option>
        <option name="mapping.drilldown">all</option>
        <option name="mapping.map.center">(0,0)</option>
        <option name="mapping.map.zoom">2</option>
        <option name="mapping.markerLayer.markerMaxSize">50</option>
        <option name="mapping.markerLayer.markerMinSize">10</option>
        <option name="mapping.markerLayer.markerOpacity">0.8</option>
        <option name="mapping.tileLayer.maxZoom">7</option>
        <option name="mapping.tileLayer.minZoom">0</option>
        <option name="drilldown">all</option>
      </map>
    </panel>
  </row>
  <row>
    <panel>
      <!-- Request volume over time, split by HTTP method -->
      <chart>
        <search>
          <query>sourcetype="bluecoat:proxysg:access*" http_method=* | timechart count by http_method</query>
          <earliest>-7d</earliest>
          <latest>now</latest>
        </search>
        <option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
        <option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
        <option name="charting.axisTitleX.visibility">visible</option>
        <option name="charting.axisTitleY.visibility">visible</option>
        <option name="charting.axisTitleY2.visibility">visible</option>
        <option name="charting.axisX.scale">linear</option>
        <option name="charting.axisY.scale">linear</option>
        <option name="charting.axisY2.enabled">0</option>
        <option name="charting.axisY2.scale">inherit</option>
        <option name="charting.chart">line</option>
        <option name="charting.chart.bubbleMaximumSize">50</option>
        <option name="charting.chart.bubbleMinimumSize">10</option>
        <option name="charting.chart.bubbleSizeBy">area</option>
        <option name="charting.chart.nullValueMode">gaps</option>
        <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
        <option name="charting.chart.stackMode">default</option>
        <option name="charting.chart.style">shiny</option>
        <option name="charting.drilldown">all</option>
        <option name="charting.layout.splitSeries">0</option>
        <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
        <option name="charting.legend.placement">right</option>
      </chart>
    </panel>
    <panel>
      <!-- Share of requests per URL category -->
      <chart>
        <search>
          <query>sourcetype="bluecoat:proxysg:access*" | stats count by category</query>
          <earliest>-7d</earliest>
          <latest>now</latest>
        </search>
        <option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
        <option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
        <option name="charting.axisTitleX.visibility">visible</option>
        <option name="charting.axisTitleY.visibility">visible</option>
        <option name="charting.axisTitleY2.visibility">visible</option>
        <option name="charting.axisX.scale">linear</option>
        <option name="charting.axisY.scale">linear</option>
        <option name="charting.axisY2.enabled">false</option>
        <option name="charting.axisY2.scale">inherit</option>
        <option name="charting.chart">pie</option>
        <option name="charting.chart.bubbleMaximumSize">50</option>
        <option name="charting.chart.bubbleMinimumSize">10</option>
        <option name="charting.chart.bubbleSizeBy">area</option>
        <option name="charting.chart.nullValueMode">gaps</option>
        <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
        <option name="charting.chart.stackMode">default</option>
        <option name="charting.chart.style">shiny</option>
        <option name="charting.drilldown">all</option>
        <option name="charting.layout.splitSeries">0</option>
        <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
        <option name="charting.legend.placement">right</option>
      </chart>
    </panel>
  </row>
</dashboard>
Seems like they just left some things out in the latest version accidentally, but yeah, some apps are just not very friendly. I have 0 exp with this app BTW, just trying to help.
Visible only makes it not show up in the left-hand app selector menu. You should still be able to get to the app if you're logged in as admin by specifying the URL.
As the steps for troubleshooting will depend on the setup / type of Splunk environment you are using, please do specify if you have a distributed environment, multi-site cluster, single instance, Splunk Cloud, etc.
http://docs.splunk.com/Documentation/AddOns/latest/BlueCoatProxySG/Install