I have just installed the "Splunk for Blue Coat Proxy SG" app on Splunk Enterprise ver 6.3 and configured the data input from the Proxy SG appliances. None of the dashboards or reports are showing any data. If I do a manual search in the bcoat_logs index with sourcetype set as bcoat_proxysg, I can see all the logs from the proxy appliances in the index.
Do I have to edit the macros to get the dashboards populated? I have checked the macros and they are pointing to the correct index.
Am I missing something?
Regards,
P Sarkar