Hope that someone can help me to solve my issue. I've already read all the related topics on this forum but didn't find anything applicable to me.
So I use ELK to parse and process the access.log files of my Squid proxy/cache server, and everything works fine for the current access.log file. The problem is that when I uncompress the old log files and rename them as access1.log, access2.log, etc. in order to pass these old files, I don't get any result.
I also set up Filebeat to send the output to Logstash on "localhost:5044", and under "Filebeat prospector" the path to be fetched is /var/log/squid/*.log. Then in /usr/share/logstash I have a pipeline file where Logstash takes the input from Filebeat, parses it with grok and sends the output to Elasticsearch.
Here is the beat-pipeline config: https://pastebin.com/mF6UPmGc
Thanks in advance to anyone.
I'm running Ubuntu Server 16.04, and Elasticsearch, Kibana and Logstash are all version 6.2.4.