Description
An updated version of this app with support for ProxySG and CacheFlow can be found here:
Documentation can be found here: http://www.splunk.com/goto/splunkforbluecoatsetup
Versions and Release Notes
Version 1.2 (current version - updated Mar 11, 2010)
Version 1.1 (updated Jan 07, 2010)
Version 1.0 (updated Dec 09, 2009)
Version Beta 4 (updated Oct 26, 2009)
Version Beta1.2 (updated Jul 21, 2009)
Version Beta2 (updated Jul 21, 2009)
Version Beta1.1 (updated Jul 21, 2009)
Version Beta1 (updated Jul 19, 2009)
Version 0.91 (updated Jul 14, 2009)
Version 0.9 (updated Jul 13, 2009)
Don't think it matters as the log format is still the same.
Noticed on the latest 4.3.1 upgrade in Splunk the config checker found this:
Possible typo in stanza [class_id] in /app/splunk/etc/apps/SplunkforBlueCoat/default/transforms.conf, line 49: SOURC_KEY = ClassID
Possible typo in stanza [class_id] in /app/splunk/etc/apps/SplunkforBlueCoat/default/transforms.conf, line 54: SOURC_KEY = ClassID
Possible typo in stanza [class_id] in /app/splunk/etc/apps/SplunkforBlueCoat/default/transforms.conf, line 59: SOURC_KEY = ClassI
I think it should be SOURCE_KEY = ClassID
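A misspelled attribute such as SOURC_KEY is not recognised, so the transform falls back to the default SOURCE_KEY (_raw) and the extraction silently stops matching the intended field. The following is an added example, not part of the app or of the comment above: a small linter that flags near-miss attribute names in transforms.conf text. The sample stanzas, the class_name stanza and the find_typos name are constructed for illustration, and the key list is a subset of the documented transforms.conf attributes.

```python
import difflib
import re

# Subset of attribute names documented for transforms.conf (not exhaustive).
KNOWN_KEYS = {
    "REGEX", "FORMAT", "DEST_KEY", "SOURCE_KEY", "DEFAULT_VALUE",
    "WRITE_META", "LOOKAHEAD", "MV_ADD", "CLEAN_KEYS", "KEEP_EMPTY_VALS",
    "CAN_OPTIMIZE", "DELIMS", "FIELDS", "REPEAT_MATCH", "filename",
    "max_matches", "min_matches", "default_match", "case_sensitive_match",
    "match_type", "external_cmd", "fields_list", "external_type",
}

STANZA = re.compile(r"^\[(?P<name>[^\]]+)\]\s*$")
SETTING = re.compile(r"^(?P<key>[A-Za-z_][\w.-]*)\s*=")


def find_typos(conf_text):
    """Return (line_no, stanza, key, suggestion) for each unrecognised key."""
    findings = []
    stanza = None
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        m = STANZA.match(line)
        if m:
            stanza = m.group("name")
            continue
        m = SETTING.match(line)
        if not m or m.group("key") in KNOWN_KEYS:
            continue
        key = m.group("key")
        # Suggest the closest documented name, if one is similar enough.
        close = difflib.get_close_matches(key, KNOWN_KEYS, n=1, cutoff=0.8)
        findings.append((line_no, stanza, key, close[0] if close else None))
    return findings


# Constructed sample: the first stanza reproduces the reported misspelling.
SAMPLE = r"""[class_id]
SOURC_KEY = ClassID
REGEX = ^(\d+)$
FORMAT = class_id::$1

[class_name]
SOURCE_KEY = ClassID
REGEX = ^(\w+)$
FORMAT = class_name::$1
"""

if __name__ == "__main__":
    for line_no, stanza, key, hint in find_typos(SAMPLE):
        print(f"line {line_no} [{stanza}]: unknown key {key!r}, did you mean {hint!r}?")
```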
Will, We pull our logs via Syslog-ng and ran into problems with the space delimited fields. I've rewritten parts of your app and would like to share them with you. Please let me know how to get this information to you.
The destination filter in Syslog-ng that was used is:
# Write only the message part ($MSG) to one log file per sending host
destination df_splunk4bluecoat {
    file("/var/log/network/bluecoat/$HOST/syslog-ng.log"
        owner(root) group(adm) perm(0640) dir_perm(0750) dir_group(adm) create_dirs(yes)
        template("$MSG\n"));
};
Joe
Hi, does this version support Bluecoat Proxy SG SGOS 5.3.3.1?
