I have configured my squid proxy to send the logs to Elasticsearch 7.17.6. Everything is working fine, except the USER mapping.
The expected string is DOMAIN/USER. ELK receives it correctly in the original message, but then in the mapping I just see DOMAIN; /USER is missing.
The field type is configured as keyword in mapping and index patterns.
Can anyone help me solve this issue?
Thanks in advance
Best regards