Release history for the Splunk Add-on for Symantec Blue Coat ProxySG
The latest version of the Splunk Add-on for Symantec Blue Coat ProxySG is version 3.8.1. See Release notes for the Splunk Add-on for Symantec Blue Coat ProxySG for release notes of this latest version.
Version 3.8.0
Version 3.8.0 of the Splunk Add-on for Symantec Blue Coat ProxySG was released in January 2022.
Compatibility
| Splunk platform versions | ,8.1,8.2 |
| CIM | |
| Platforms | Platform independent |
| Vendor Products | Bluecoat ProxySG version OS 6.7.5, 7.2.2.1,7.3.x |
The field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.
For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.
New Features
Version 3.8.0 of the Splunk Add-on for Symantec Bluecoat ProxySG has the following new features:
- Support for Bluecoat ProxySG version 6.7.5 and 7.2.2.1 has been added to sourcetypes
bluecoat:proxysg:access:fileandbluecoat:proxysg:access:kv.
Additional Notes
Please note the following changes in this release:
| source | sourcetype | fields added |
|---|---|---|
| 6.7.x.log | bluecoat:proxysg:access:syslog | cs_host |
| cs_host | ||
| bytes_in | ||
| time | ||
| uri_path | ||
| cs_auth_group | ||
| cs_method | ||
| x_bluecoat_transaction_uuid | ||
| http_user_agent | ||
| cs_categories | ||
| date | ||
| x_bluecoat_application_name | ||
| vendor_categories | ||
| cs_uri_extension | ||
| http_referrer | ||
| x_icap_respmod_header | ||
| sc_status | ||
| x_virus_id | ||
| cs_uri_query | ||
| s_supplier_name | ||
| sc_filter_result | ||
| http_method | ||
| cs_User_Agent | ||
| dest_port | ||
| x_access_security_policy_reason | ||
| src | ||
| category | ||
| action | ||
| uri_query | ||
| http_referrer_domain | ||
| url_domain | ||
| cs_Referer | ||
| s_supplier_failures | ||
| dest_host | ||
| dvc | ||
| x_bluecoat_application_groups | ||
| s_action | ||
| s_ip | ||
| cs_bytes | ||
| bytes_out | ||
| cs_uri_port | ||
| http_content_type | ||
| sc_bytes | ||
| user | ||
| cs_username | ||
| dest | ||
| cs_uri_path | ||
| http_user_agent_length | ||
| transport | ||
| x_icap_reqmod_header | ||
| time_taken | ||
| status | ||
| x_access_security_policy_action | ||
| duration | ||
| s_supplier_country | ||
| bytes | ||
| x_bluecoat_application_operation | ||
| cs_threat_risk | ||
| cs_uri_scheme | ||
| rs_Content_Type | ||
| url | ||
| x_exception_id | ||
| c_ip | ||
| vendor_action | ||
| s_supplier_ip | ||
| 7.3.x.log | bluecoat:proxysg:access:kv | url_domain |
| bw3c.log | bluecoat:proxysg:access:file | http_referrer_domain |
| url_domain |
Upgrade
If you are using only one specific version of Blue Coat logs, you can comment out the Report-auto_kv lines for the unused versions in default/props.conf to improve search performance.
Fixed issues
Version 3.8.0 of the Splunk Add-on for Symantec Blue Coat ProxySG has the following fixed issues. If no issues are listed, no issues have yet been reported:
Known issues
Version 3.8.0 of the Splunk Add-on for Symantec Blue Coat ProxySG has the following known issues. If no issues are listed, no issues have yet been reported:
| Date filed | Issue number | Description |
|---|---|---|
| 2022-05-25 | ADDON-52250 | Correct mapping of destination IP Workaround: Updating extractions of dest and dest_ip in the props.conf file |
Third-party software attributions
Version 3.7.0 of the Splunk Add-on for Symantec Blue Coat ProxySG does not incorporate any third-party software or libraries.
Version 3.7.0
Version 3.7.0 of the Splunk Add-on for Symantec Blue Coat ProxySG was released on October 20, 2019.
Compatibility
| Splunk platform versions | 8.0.0, 7.3.x, 7.2.x |
| CIM | 4.17 |
| Platforms | Platform independent |
| Vendor Products | Bluecoat ProxySG version OS 5.3.3, 6.5.x, 6.6.3.2, 6.6.4.2, 6.7.5, 7.2.2.1 |
The field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.
For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.
New Features
Version 3.7.0 of the Splunk Add-on for Symantec Bluecoat ProxySG has the following new features:
- Support for Bluecoat ProxySG version 6.7.5 and 7.2.2.1 has been added to sourcetypes
bluecoat:proxysg:access:fileandbluecoat:proxysg:access:kv.
Additional Notes
Please note the following changes in this release:
bcereportermain_v1configurations for thebluecoat:proxysg:syslogsourcetype is supported only for versions 5.3.3, 6.5.x, 6.6.3.2, 6.6.4.2.bluecoat:proxysg:access:kvis recommended for collecting syslog data going forward.- The
eventtype bluecoat_traffic_monitoris removed from this release. - The Web CIM field category is now a single-value field instead of a multi-value. The multi-value is now captured in
vendor_categories. inputs.confin the default directory is no longer shipped in the add-on,- Support for the following fields have been removed:
cs_Cookiecs_hostc_ports_portcs_ipcs_protocolc_pkts_receiveds_session_id
Upgrade
If you are using only one specific version of Blue Coat logs, you can comment out the Report-auto_kv lines for the unused versions in default/props.conf to improve search performance.
Unlike previous versions, versions 3.5.0 and above of the Splunk Add-on for Symantec Blue Coat ProxySG do not support Blue Coat version 5.3.3 logs by default. If you want to ingest version 5.3.3 logs, complete these steps:
- Open or create a
local/props.conffile. - Open
default/props.conf. - Copy the
#REPORT-auto_kv_for_bluecoat_v5 = auto_kv_for_bluecoat_v5_3_3line in thebluecoat:proxysg:access:syslogstanza indefault/props.conf. - Paste the
#REPORT-auto_kv_for_bluecoat_v5 = auto_kv_for_bluecoat_v5_3_3line in thebluecoat:proxysg:access:syslogstanza intolocal/props.conf. - Uncomment the
#REPORT-auto_kv_for_bluecoat_v5 = auto_kv_for_bluecoat_v5_3_3line inlocal/props.conf.
Fixed issues
Version 3.7.0 of the Splunk Add-on for Symantec Blue Coat ProxySG has the following fixed issues. If no issues follow, no issues have yet been reported:
Known issues
Version 3.7.0 of the Splunk Add-on for Symantec Blue Coat ProxySG has the following known issues. If no issues follow, no issues have yet been reported:
Third-party software attributions
Version 3.7.0 of the Splunk Add-on for Symantec Blue Coat ProxySG does not incorporate any third-party software or libraries.
Version 3.6.0
Version 3.6.0 the Splunk Add-on for Symantec Blue Coat ProxySG was released on October 21, 2019.
Compatibility
| Splunk platform versions | 7.0.x, 7.1.x, 7.2.x, 7.3.x, 8.0.0 |
| CIM | 4.12 |
| Platforms | Platform independent |
| Vendor Products | Bluecoat ProxySG OS 5.3.3, 6.5.x, 6.6.3.2, 6.6.4.2 |
Upgrade
If you are using only one specific version of Blue Coat logs, you can comment out the Report-auto_kv lines for the unused versions in default/props.conf to improve search performance.
Unlike previous versions, versions 3.5.0 and above of the Splunk Add-on for Symantec Blue Coat ProxySG do not support Blue Coat version 5.3.3 logs by default. If you want to ingest version 5.3.3 logs, complete these steps:
- Open or create a
local/props.conffile. - Open
default/props.conf. - Copy the
#REPORT-auto_kv_for_bluecoat_v5 = auto_kv_for_bluecoat_v5_3_3line in thebluecoat:proxysg:access:syslogstanza indefault/props.conf. - Paste the
#REPORT-auto_kv_for_bluecoat_v5 = auto_kv_for_bluecoat_v5_3_3line in thebluecoat:proxysg:access:syslogstanza intolocal/props.conf. - Uncomment the
#REPORT-auto_kv_for_bluecoat_v5 = auto_kv_for_bluecoat_v5_3_3line inlocal/props.conf.
New Features
Version 3.6.0 of the Splunk Add-on for Symantec Bluecoat ProxySG has the following new features:
- Support for the
bluecoat:proxysg:access:kvsourcetype.
Fixed issues
Version 3.6.0 of the Splunk Add-on for Symantec Blue Coat ProxySG has the following fixed issues. If no issues follow, no issues have yet been reported:
Known issues
Version 3.6.0 of the Splunk Add-on for Symantec Blue Coat ProxySG has the following known issues. If no issues follow, no issues have yet been reported:
Third-party software attributions
Version 3.6.0 of the Splunk Add-on for Symantec Blue Coat ProxySG does not incorporate any third-party software or libraries.
Version 3.5.0
Version 3.5.0 of the Splunk Add-on for Symantec Blue Coat ProxySG was released on October 29, 2018.
Compatibility
| Splunk platform versions | 6.6.x, 7.0.x, 7.1.x, 7.2.x |
| CIM | 4.12 |
| Platforms | Platform independent |
| Vendor Products | Bluecoat ProxySG OS 5.3.3, 6.5.x, 6.6.3.2, 6.6.4.2 |
Upgrade
If you are using only one specific version of Blue Coat logs, you can comment out the Report-auto_kv lines for the unused versions in default/props.conf to improve search performance.
Unlike previous versions, version 3.5.0 of the Splunk Add-on for Symantec Blue Coat ProxySG does not support Blue Coat version 5.3.3 logs by default. If you want to ingest version 5.3.3 logs, complete these steps:
- Open or create a
local/props.conffile. - Open
default/props.conf. - Copy the
#REPORT-auto_kv_for_bluecoat_v5 = auto_kv_for_bluecoat_v5_3_3line in thebluecoat:proxysg:access:syslogstanza indefault/props.conf. - Paste the
#REPORT-auto_kv_for_bluecoat_v5 = auto_kv_for_bluecoat_v5_3_3line in thebluecoat:proxysg:access:syslogstanza intolocal/props.conf. - Uncomment the
#REPORT-auto_kv_for_bluecoat_v5 = auto_kv_for_bluecoat_v5_3_3line inlocal/props.conf.
New Features
Version 3.5.0 of the Splunk Add-on for Symantec Bluecoat ProxySG has the following new features:
- Improved load balancing on the universal forwarder
- Support for Bluecoat ProxySG 6.6.x.x
Fixed issues
Version 3.5.0 of the Splunk Add-on for Symantec Blue Coat ProxySG has the following fixed issues. If no issues follow, no issues have yet been reported:
Known issues
Version 3.5.0 of the Splunk Add-on for Symantec Blue Coat ProxySG has the following known issues. If no issues follow, no issues have yet been reported:
Third-party software attributions
Version 3.5.0 of the Splunk Add-on for Symantec Blue Coat ProxySG does not incorporate any third-party software or libraries.
Version 3.4.2
Version 3.4.2 of the Splunk Add-on for Blue Coat ProxySG was released on April 1, 2016. Version 3.4.2 of the Splunk Add-on for Blue Coat ProxySG is compatible with the following software, CIM versions, and platforms.
| Splunk platform versions | 6.3 and later |
| CIM | 4.2 and later |
| Platforms | Platform independent |
| Vendor Products | Blue Coat ProxySG 5.3.3 and 6.5.x |
Upgrade from 3.4.0 or 3.4.1 to 3.4.2
There are no upgrade issues if you are upgrading from version 3.4.0 or 3.4.1 to 3.4.2.
New Installation
If you are installing the Splunk Add-on for Blue Coat ProxySG for the first time and you also use Splunk Enterprise Security, follow the instructions in this section.
The Splunk Add-on for Blue Coat ProxySG replaces TA-bluecoat, released only as a component of the Splunk Enterprise Security app. If you have Splunk Enterprise Security installed, disable the inputs for TA-bluecoat to allow this new add-on to take over. Back up any local configurations for TA-bluecoat before you install this new add-on.
At search time, the Splunk Add-on for Blue Coat ProxySG automatically renames the source types for older data from bluecoat to bluecoat:proxysg:access:syslog to match the source type definitions of this new version.
Fixed Issues
Version 3.4.2 of the Splunk Add-on for Blue Coat ProxySG has the following fixed issue.
| Date | Issue number | Description |
| 2016-03-11 | ADDON-8250 | Performance issues in Splunk Enterprise Security related to tag expansions. |
Known issues
Version 3.4.2 of the Splunk Add-on for Blue Coat ProxySG has the following known issue.
| Date | Issue number | Description |
| 2015-09-19 | ADDON-5678 | Field extraction fails if the http_user_agent is not enclosed in quotes. If an http_user_agent is not present in the logs, Blue Coat provides a dash (-) without quotes. |
Third-party software attributions
Version 3.4.2 of the Splunk Add-on for Blue Coat ProxySG does not incorporate any third-party software or libraries.
Version 3.4.1
Version 3.4.1 of the Splunk Add-on for Blue Coat ProxySG is compatible with the following software, CIM versions, and platforms.
| Splunk platform versions | 6.3, 6.2 |
| CIM | 4.2 and above |
| Platforms | Platform independent |
| Vendor Products | Blue Coat ProxySG 5.3.3 and 6.5.x |
Known issues
Version 3.4.1 of the Splunk Add-on for Blue Coat ProxySG has the following known issue.
| Date | Issue number | Description |
| 2015-09-19 | ADDON-5678 | Field extraction fails if the http_user_agent is not enclosed in quotes. If an http_user_agent is not present in the logs, Blue Coat provides a dash (-) without quotes. |
Third-party software attributions
Version 3.4.1 of the Splunk Add-on for Blue Coat ProxySG does not incorporate any third-party software or libraries.
Version 3.4.0
Version 3.4.0 of the Splunk Add-on for Blue Coat ProxySG was compatible with the following software, CIM versions, and platforms.
| Splunk platform versions | 6.3, 6.2 |
| CIM | 4.2 |
| Platforms | Platform independent |
| Vendor Products | Blue Coat ProxySG |
Migration Guide
The Splunk Add-on for Blue Coat ProxySG replaces TA-bluecoat, released only as a component of the Splunk App for Enterprise Security. If you have the Splunk App for Enterprise Security installed, disable the inputs for TA-bluecoat to allow this new add-on to take over. Back up any local configurations for TA-bluecoat before you install this new add-on.
At search time, the Splunk Add-on for Blue Coat ProxySG automatically renames the source types for older data from bluecoat to bluecoat:proxysg:access:syslog to match the source type definitions of this new version.
New features
Version 3.4.0 of the Splunk Add-on for Blue Coat ProxySG had the following new features.
| Date | Issue number | Description |
| 05/08/15 | ADDON-1546 | Newly Splunk-supported outside of the Splunk App for Enterprise Security and updated to include support for Blue Coat ProxySG version 6. |
Known issues
Version 3.4.0 of the Splunk Add-on for Blue Coat ProxySG had the following known issue.
| Date | Issue number | Description |
| 08/20/15 | ADDON-5043 | When using syslog to collect Blue Coat log files, header lines are imported and parsed incorrectly. |
Third-party software attributions
Version 3.4.0 of the Splunk Add-on for Blue Coat ProxySG does not incorporate any third-party software or libraries.
| Release notes for the Splunk Add-on for Symantec Blue Coat ProxySG |
This documentation applies to the following versions of Splunk® Supported Add-ons: released
Download manual
Feedback submitted, thanks!