We have the problem that all logs which are send from our Squid server over Filebeat with the Squid module are combined as single messages in Kibana.
The message contains 5 up to 15 entrys which are in fact single log lines from the Squid server.
The squid server is using the default log output format, but we tried different formats with no solution.
We are NOT using any "multiline" options, just the default filebeat configuration with the Squid module which shipps everything directly to ES.
We also tried to ship the logs from Squid to logstash but didn't find a solution for the multiple entries. And we want to use the Squid module at the end.
Is there a more precise guide for the squid settings than this one:
Similar asked here:
Moreover the filebeat syslog is full of this type of error messages:
> filebeat[38211]: 2020-12-14T16:57:15.980+0100#011ERROR#011[processor.javascript]#011console/console.go:54#011extract_page failed for 'www.google.com:443'
Which [processor.javascript] extract_page process is the cause of this?
This errors are in fact from the Squid module, of course not when using logstash.
It smells like a bug and reproduced the other community user's case. Would you mind opening a Github issue for filebeat and copy a couple of faulty log lines?
I have an update, after reading Squid documentation (again and again):
"...being UDP this module may drop packets when the network is under load or congested."
So we changed the Squid log output from UDP to TCP and now there is only 1 instead of 5 up to 20 messages in a single entry. As an example of the load: we have around 15.000 - 20.000 entries per 5 minutes.
But:
The "[processor.javascript] extract_page" error still exists.
It writes an error message per log entry, so around 15-20k error messages in syslog per 5 minutes.
Did you mean this error for the Github issue? Because I couldn't find a single entry regarding this error, no matter which search engine I use.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.