Hey guys, running into a bit of a problem with this app. We're testing the feasibility of replacing Blue Coat Reporter with Splunk, but I'm not having much luck getting it to work. I've got Splunk installed and up to date. The Google Maps app is installed. I've set up the data input and set the log type to bcoat_log. To be safe, I created a new log type called "splunk" using the fields listed in the app documentation. I'm getting data into Splunk, but the logs are gibberish. The host name is correctly identified, but the event data is unusable. Here is a sample of one of the logs:
100 » 8/12/13 1:25:04.000 PM
xF5x83xE5Z?xEFx9CxF2hxEQxF3x83$xF9YxA7x8EQxBDN=xFpZxB0>mx87x14xC3ϏLx15xF8 host=labproxysg sourcetype=bcoat_proxysg source=tcp:20108
The code on my lab SG is 6.5.1.1. Splunk is version 5.0.4. Blue Coat app is version 3.0.7.
Any ideas?
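One check worth running before changing any more sourcetypes (this is an added example, not code from the post, from Splunk or from the Blue Coat app): capture the raw TCP payload the SG sends to the input port, for instance with tcpdump on port 20108, and look at the first bytes. The event above is not mis-parsed ELFF text; bytes like 0xF5 can never start a valid UTF-8 character, so the stream is compressed, encrypted, or corrupt before Splunk ever sees it, and a raw TCP input passes bytes through as received. The script below labels a capture as plain text, gzip, zlib or other binary and inflates it when it is compressed. The sample log line, the garbled bytes and the idea that the SG upload client is compressing the log are all constructed assumptions for the example; the gzip and zlib magic checks are standard.

```python
import gzip
import sys
import zlib

# Constructed sample: one access-log line in the ProxySG default ELFF "main"
# layout (made-up values; the field order is the one the Blue Coat app expects).
SAMPLE_LINE = (
    '2013-08-12 13:25:04 12 10.0.0.5 200 TCP_HIT 1234 450 GET http '
    'www.example.com 80 / - jdoe - DIRECT www.example.com text/html '
    'http://www.example.com/ "Mozilla/5.0" OBSERVED "Search Engines" 192.0.2.10 -\n'
)

# Constructed: the kind of bytes the post's event shows (0xF5 is never a valid
# UTF-8 lead byte, so this can only be compressed, encrypted or corrupt data).
GARBLED_SAMPLE = b"\xf5\x83\xe5Z?\xef\x9c\xf2h\xe3\xf3\x83$\xf9Y\xa7\x8eQ\xbdN="

GZIP_MAGIC = b"\x1f\x8b"  # RFC 1952 gzip member header


def classify(chunk: bytes) -> str:
    """Label the start of a captured stream: 'gzip', 'zlib', 'text' or 'binary'."""
    if chunk.startswith(GZIP_MAGIC):
        return "gzip"
    # zlib (RFC 1950) header: CMF 0x78 and the 16-bit CMF/FLG value divisible by 31.
    if len(chunk) >= 2 and chunk[0] == 0x78 and ((chunk[0] << 8) | chunk[1]) % 31 == 0:
        return "zlib"
    try:
        text = chunk.decode("utf-8")
    except UnicodeDecodeError:
        return "binary"
    # Real ELFF access logs are almost entirely printable ASCII plus line breaks.
    allowed = sum(1 for ch in text if ch.isprintable() or ch in "\r\n\t")
    return "text" if allowed / max(len(text), 1) > 0.95 else "binary"


def recover_text(chunk: bytes) -> str:
    """Return the log text for a complete capture, inflating it if it was compressed."""
    kind = classify(chunk)
    if kind == "gzip":
        return gzip.decompress(chunk).decode("utf-8", errors="replace")
    if kind == "zlib":
        return zlib.decompress(chunk).decode("utf-8", errors="replace")
    if kind == "text":
        return chunk.decode("utf-8")
    raise ValueError(
        "not text and not gzip/zlib: check whether the upload is TLS-wrapped or otherwise encrypted"
    )


def make_gzip_sample() -> bytes:
    """What the SG would send if log-upload compression is on (assumption for the example)."""
    return gzip.compress(SAMPLE_LINE.encode("utf-8"))


def make_zlib_sample() -> bytes:
    """Same line as a raw zlib stream, to exercise the second header check."""
    return zlib.compress(SAMPLE_LINE.encode("utf-8"))


if __name__ == "__main__":
    # Usage: python sniff_bcoat_stream.py capture.bin
    # capture.bin = raw TCP payload saved from the port the SG uploads to (e.g. 20108).
    with open(sys.argv[1], "rb") as fh:
        head = fh.read(65536)
    print(classify(head))
```

If the capture comes back as gzip or zlib, the fix is on the SG side (turn off compression for the upload, or upload to a file and let a file monitor handle the compressed form) rather than in the Splunk sourcetype; if it comes back as binary with no recognisable header, check whether the upload is using TLS against a plain TCP input.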