Splunk® Supported Add-ons

Splunk Add-on for Symantec Blue Coat ProxySG and ASG

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Lookups for the Splunk Add-on for Symantec Blue Coat ProxySG

The BlueCoat Proxy actions lookup defines the action and transport fields based on the vendor_action field. The file is located at: $SPLUNK_HOME/etc/apps/Splunk_TA_bluecoat-proxysg/lookups/bluecoat_proxy_actions.csv

Vendor Action Action Transport
ACCELERATED allowed socks
ALLOWED allowed ftp
DENIED blocked unknown
FAILED failed unknown
LICENSE_EXPIRED blocked socks
TUNNELED allowed unknown
TCP_ unknown tcp
TCP_AUTH_HIT allowed tcp
TCP_AUTH_MISS allowed tcp
TCP_AUTH_REDIRECT allowed tcp
TCP_CLIENT_REFRESH allowed tcp
TCP_DENIED blocked tcp
TCP_ERR_MISS failed tcp
TCP_HIT allowed tcp
TCP_LOOP blocked tcp
TCP_MEM_HIT allowed tcp
TCP_MISS allowed tcp
TCP_NC_MISS allowed tcp
TCP_PARTIAL_MISS allowed tcp
TCP_POLICY_REDIRECT allowed tcp
TCP_REFRESH_HIT allowed tcp
TCP_REFRESH_MISS allowed tcp
TCP_RESCAN_HIT allowed tcp
TCP_SPLASHED allowed tcp
TCP_SWAPFAIL failed tcp
TCP_TUNNELED allowed tcp
UDP_ unknown udp
UDP_DENIED blocked udp
UDP_HIT allowed udp
UDP_INVALID failed udp
UDP_MISS allowed udp
UDP_MISS_NOFETCH allowed udp
UDP_OBJ allowed udp
NONE unknown
TCP_ACCELERATED allowed tcp
TCP_MISS_RST allowed tcp
TCP_NC_MISS_RST allowed tcp
TCP_WEBSOCKET allowed tcp
TCP_CLIENT_REFRESH_RST blocked tcp
Last modified on 15 September, 2022
PREVIOUS
Troubleshoot the Splunk Add-on for Symantec Blue Coat ProxySG
  NEXT
Sourcetypes for the Splunk Add-on for Symantec Blue Coat ProxySG

This documentation applies to the following versions of Splunk® Supported Add-ons: released


Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters