Squid module does not parse logs

stephenb · August 30, 2022, 2:30pm

Show me.
There are many fields available in the mapping ... but they are not shipped in each squid document.

Show me the extra fields in one of the squid documents.

What do you mean the "real" squid logs logs size the size of the file... show me where you the data stream size.

GET _cat/indices?v

Two things 1 when indices / data streams first get created there is some overhead overtime elasticsearch will optimizes that overhead and the average document size will shrink. These processes are in the background. 2nd 66mb is very small in terms of index size and some the level of the optimization is also small...

it_dev · August 31, 2022, 5:53am

On syslog server, size of access.log is 20 mb.
In ELK it is 66.6 mb.

it_dev · August 31, 2022, 6:05am

As you can see, there are many unnecessary fields (7278) in filebeat.

Only squid module is working. Why are there unnecessary fields?

system · September 28, 2022, 8:05am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.