fix: update Bluecoat sourcetype to match TA 3.8.1

docs/sources/vendor/Broadcom/proxy.md

@@ -23,14 +23,14 @@ Broadcom products are inclusive of products formerly marketed under Symantec and
 
 | sourcetype     | notes                                                                                                   |
 |----------------|---------------------------------------------------------------------------------------------------------|
-| bluecoat:proxysg:access:kv        | Requires version TA 3.6                                                                                                    |
-| bluecoat:proxysg:syslog           | Requires version TA 3.6                                                                                                    |
+| bluecoat:proxysg:access:kv        | Requires version TA 3.8.1                                                                                                    |
+| bluecoat:proxysg:access:syslog           | Requires version TA 3.8.1                                                                                                    |
 
 ## Sourcetype and Index Configuration
 
 | key            | sourcetype     | index          | notes          |
 |----------------|----------------|----------------|----------------|
-| bluecoat_proxy      | bluecoat:proxysg:syslog       | netops          | none          |
+| bluecoat_proxy      | bluecoat:proxysg:access:syslog       | netops          | none          |
 | bluecoat_proxy_splunkkv      | bluecoat:proxysg:access:kv       | netproxy          | none          |
 
 

package/etc/conf.d/conflib/syslog/app-syslog-symantec_proxysg.conf

@@ -4,7 +4,7 @@ block parser app-syslog-symantec_proxysg() {
         rewrite {
             r_set_splunk_dest_default(
                 index("netops")
-                sourcetype('bluecoat:proxysg:syslog')
+                sourcetype('bluecoat:proxysg:access:syslog')
                 vendor('bluecoat')
                 product('proxy')
                 class('syslog')

package/lite/etc/addons/broadcom/app-syslog-symantec_proxysg.conf

@@ -4,7 +4,7 @@ block parser app-syslog-symantec_proxysg() {
         rewrite {
             r_set_splunk_dest_default(
                 index("netops")
-                sourcetype('bluecoat:proxysg:syslog')
+                sourcetype('bluecoat:proxysg:access:syslog')
                 vendor('bluecoat')
                 product('proxy')
                 class('syslog')

tests/test_symantec_proxy.py

@@ -105,7 +105,7 @@ def test_bluecoatproxySG_syslog(
     sendsingle(message, setup_sc4s[0], setup_sc4s[1][514])
 
     st = env.from_string(
-        'search _time={{ epoch }} index=netops host="{{ host }}" sourcetype="bluecoat:proxysg:syslog"'
+        'search _time={{ epoch }} index=netops host="{{ host }}" sourcetype="bluecoat:proxysg:access:syslog"'
     )
     search = st.render(epoch=epoch, host=host)