Splunk® Supported Add-ons

Splunk Add-on for Symantec Blue Coat ProxySG and ASG

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Release notes for the Splunk Add-on for Symantec Blue Coat ProxySG

Version 3.8.0 of the Splunk Add-on for Symantec Blue Coat ProxySG was released on January 2022.

Compatibility

Splunk platform versions ,8.1,8.2
CIM
Platforms Platform independent
Vendor Products Bluecoat ProxySG version OS 6.7.5, 7.2.2.1,7.3.x

The field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.

For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.

New Features

Version 3.8.0 of the Splunk Add-on for Symantec Bluecoat ProxySG has the following new features:

  • Support for Bluecoat ProxySG version 6.7.5 and 7.2.2.1 has been added to sourcetypes bluecoat:proxysg:access:file and bluecoat:proxysg:access:kv.

Additional Notes

Please note the following changes in this release:


source sourcetype fields added
6.7.x.log bluecoat:proxysg:access:syslog cs_host
cs_host
bytes_in
time
uri_path
cs_auth_group
cs_method
x_bluecoat_transaction_uuid
http_user_agent
cs_categories
date
x_bluecoat_application_name
vendor_categories
cs_uri_extension
http_referrer
x_icap_respmod_header
sc_status
x_virus_id
cs_uri_query
s_supplier_name
sc_filter_result
http_method
cs_User_Agent
dest_port
x_access_security_policy_reason
src
category
action
uri_query
http_referrer_domain
url_domain
cs_Referer
s_supplier_failures
dest_host
dvc
x_bluecoat_application_groups
s_action
s_ip
cs_bytes
bytes_out
cs_uri_port
http_content_type
sc_bytes
user
cs_username
dest
cs_uri_path
http_user_agent_length
transport
x_icap_reqmod_header
time_taken
status
x_access_security_policy_action
duration
s_supplier_country
bytes
x_bluecoat_application_operation
cs_threat_risk
cs_uri_scheme
rs_Content_Type
url
x_exception_id
c_ip
vendor_action
s_supplier_ip
7.3.x.log bluecoat:proxysg:access:kv url_domain
bw3c.log bluecoat:proxysg:access:file http_referrer_domain
url_domain

Upgrade

If you are using only one specific version of Blue Coat logs, you can comment out the Report-auto_kv lines for the unused versions in default/props.conf to improve search performance.

Fixed issues

Version 3.8.0 of the Splunk Add-on for Symantec Blue Coat ProxySG has the following fixed issues. If no issues are listed, no issues have yet been reported:


Known issues

Version 3.8.0 of the Splunk Add-on for Symantec Blue Coat ProxySG has the following known issues. If no issues are listed, no issues have yet been reported:


Third-party software attributions

Version 3.7.0 of the Splunk Add-on for Symantec Blue Coat ProxySG does not incorporate any third-party software or libraries.

Last modified on 11 April, 2022
PREVIOUS
Installation overview for the Splunk Add-on for Symantec Blue Coat ProxySG
  NEXT
Release history for the Splunk Add-on for Symantec Blue Coat ProxySG

This documentation applies to the following versions of Splunk® Supported Add-ons: released


Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters