Splunk® Supported Add-ons

Splunk Add-on for Symantec Blue Coat ProxySG and ASG

Download manual as PDF

Download topic as PDF

Release history for the Splunk Add-on for Symantec Blue Coat ProxySG

The latest version of the Splunk Add-on for Symantec Blue Coat ProxySG is version 3.5.0 See Release notes for the Splunk Add-on for Symantec Blue Coat ProxySG for release notes of this latest version.

Version 3.5.0

Version 3.5.0 of the Splunk Add-on for Symantec Blue Coat ProxySG was released on October 29, 2018.

Compatibility

Splunk platform versions 6.6.x, 7.0.x, 7.1.x, 7.2.x
CIM 4.12
Platforms Platform independent
Vendor Products Bluecoat ProxySG OS 5.3.3, 6.5.x, 6.6.3.2, 6.6.4.2

Upgrade

If you are using only one specific version of Blue Coat logs, you can comment out the Report-auto_kv lines for the unused versions in default/props.conf to improve search performance.

Unlike previous versions, version 3.5.0 of the Splunk Add-on for Symantec Blue Coat ProxySG does not support Blue Coat version 5.3.3 logs by default. If you want to ingest version 5.3.3 logs, complete these steps:

  1. Open or create a local/props.conf file.
  2. Open default/props.conf.
  3. Copy the #REPORT-auto_kv_for_bluecoat_v5 = auto_kv_for_bluecoat_v5_3_3 line in the bluecoat:proxysg:access:syslog stanza in default/props.conf.
  4. Paste the #REPORT-auto_kv_for_bluecoat_v5 = auto_kv_for_bluecoat_v5_3_3 line in the bluecoat:proxysg:access:syslog stanza into local/props.conf.
  5. Uncomment the #REPORT-auto_kv_for_bluecoat_v5 = auto_kv_for_bluecoat_v5_3_3 line in local/props.conf.

New Features

Version 3.5.0 of the Splunk Add-on for Symantec Bluecoat ProxySG has the following new features:

  • Improved load balancing on the universal forwarder
  • Support for Bluecoat ProxySG 6.6.x.x

Fixed issues

Version 3.5.0 of the Splunk Add-on for Symantec Blue Coat ProxySG has the following fixed issues. If no issues follow, no issues have yet been reported:


Known issues

Version 3.5.0 of the Splunk Add-on for Symantec Blue Coat ProxySG has the following known issues. If no issues follow, no issues have yet been reported:


Third-party software attributions

Version 3.5.0 of the Splunk Add-on for Symantec Blue Coat ProxySG does not incorporate any third-party software or libraries.


Version 3.4.2

Version 3.4.2 of the Splunk Add-on for Blue Coat ProxySG was released on April 1, 2016. Version 3.4.2 of the Splunk Add-on for Blue Coat ProxySG is compatible with the following software, CIM versions, and platforms.

Splunk platform versions 6.3 and later
CIM 4.2 and later
Platforms Platform independent
Vendor Products Blue Coat ProxySG 5.3.3 and 6.5.x

Upgrade from 3.4.0 or 3.4.1 to 3.4.2

There are no upgrade issues if you are upgrading from version 3.4.0 or 3.4.1 to 3.4.2.

New Installation

If you are installing the Splunk Add-on for Blue Coat ProxySG for the first time and you also use Splunk Enterprise Security, follow the instructions in this section.

The Splunk Add-on for Blue Coat ProxySG replaces TA-bluecoat, released only as a component of the Splunk Enterprise Security app. If you have Splunk Enterprise Security installed, disable the inputs for TA-bluecoat to allow this new add-on to take over. Back up any local configurations for TA-bluecoat before you install this new add-on.

At search time, the Splunk Add-on for Blue Coat ProxySG automatically renames the source types for older data from bluecoat to bluecoat:proxysg:access:syslog to match the source type definitions of this new version.

Fixed Issues

Version 3.4.2 of the Splunk Add-on for Blue Coat ProxySG has the following fixed issue.

Date Issue number Description
2016-03-11 ADDON-8250 Performance issues in Splunk Enterprise Security related to tag expansions.

Known issues

Version 3.4.2 of the Splunk Add-on for Blue Coat ProxySG has the following known issue.

Date Issue number Description
2015-09-19 ADDON-5678 Field extraction fails if the http_user_agent is not enclosed in quotes. If an http_user_agent is not present in the logs, Blue Coat provides a dash (-) without quotes.

Third-party software attributions

Version 3.4.2 of the Splunk Add-on for Blue Coat ProxySG does not incorporate any third-party software or libraries.


Version 3.4.1

Version 3.4.1 of the Splunk Add-on for Blue Coat ProxySG is compatible with the following software, CIM versions, and platforms.

Splunk platform versions 6.3, 6.2
CIM 4.2 and above
Platforms Platform independent
Vendor Products Blue Coat ProxySG 5.3.3 and 6.5.x

Known issues

Version 3.4.1 of the Splunk Add-on for Blue Coat ProxySG has the following known issue.

Date Issue number Description
2015-09-19 ADDON-5678 Field extraction fails if the http_user_agent is not enclosed in quotes. If an http_user_agent is not present in the logs, Blue Coat provides a dash (-) without quotes.

Third-party software attributions

Version 3.4.1 of the Splunk Add-on for Blue Coat ProxySG does not incorporate any third-party software or libraries.

Version 3.4.0

Version 3.4.0 of the Splunk Add-on for Blue Coat ProxySG was compatible with the following software, CIM versions, and platforms.

Splunk platform versions 6.3, 6.2
CIM 4.2
Platforms Platform independent
Vendor Products Blue Coat ProxySG

Migration Guide

The Splunk Add-on for Blue Coat ProxySG replaces TA-bluecoat, released only as a component of the Splunk App for Enterprise Security. If you have the Splunk App for Enterprise Security installed, disable the inputs for TA-bluecoat to allow this new add-on to take over. Back up any local configurations for TA-bluecoat before you install this new add-on.

At search time, the Splunk Add-on for Blue Coat ProxySG automatically renames the source types for older data from bluecoat to bluecoat:proxysg:access:syslog to match the source type definitions of this new version.

New features

Version 3.4.0 of the Splunk Add-on for Blue Coat ProxySG had the following new features.

Date Issue number Description
05/08/15 ADDON-1546 Newly Splunk-supported outside of the Splunk App for Enterprise Security and updated to include support for Blue Coat ProxySG version 6.

Known issues

Version 3.4.0 of the Splunk Add-on for Blue Coat ProxySG had the following known issue.

Date Issue number Description
08/20/15 ADDON-5043 When using syslog to collect Blue Coat log files, header lines are imported and parsed incorrectly.

Third-party software attributions

Version 3.4.0 of the Splunk Add-on for Blue Coat ProxySG does not incorporate any third-party software or libraries.

PREVIOUS
Release notes for the Splunk Add-on for Symantec Blue Coat ProxySG
  NEXT
Hardware and software requirements for the Splunk Add-on for Symantec Blue Coat ProxySG

This documentation applies to the following versions of Splunk® Supported Add-ons: released


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters