Squid module does not parse logs

stephenb · August 30, 2022, 2:30pm

Show me.
There are many fields available in the mapping ... but they are not shipped in each squid document.

Show me the extra fields in one of the squid documents.

What do you mean the "real" squid logs logs size the size of the file... show me where you the data stream size.

GET _cat/indices?v

Two things 1 when indices / data streams first get created there is some overhead overtime elasticsearch will optimizes that overhead and the average document size will shrink. These processes are in the background. 2nd 66mb is very small in terms of index size and some the level of the optimization is also small...

it_dev · August 31, 2022, 5:53am

On syslog server, size of access.log is 20 mb.
In ELK it is 66.6 mb.

it_dev · August 31, 2022, 6:05am

As you can see, there are many unnecessary fields (7278) in filebeat.

Only squid module is working. Why are there unnecessary fields?

system · September 28, 2022, 8:05am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Squid proxy module for file beat Beats filebeat	1	739	October 10, 2019
Sending Squid Logs with Filebeat and manipulate with logstash Logstash	6	4197	March 7, 2019
Squid access.log > filebeat > logstash > elasticsearch Elasticsearch	15	13892	July 5, 2017
Parsing PFSense Proxy logs in Syslog Logstash	9	2119	October 30, 2020
Filebeats to Elasticsearch directly? Beats filebeat	2	299	September 5, 2019

Squid module does not parse logs

Related topics