I'm reviewing the links from "ECS - Squid proxy log normalization" while we're looking to map it in.
This is also interesting: https://github.com/molu8bits/squid-filebeat-kibana/blob/master/filebeat/etc/filebeat/squid-fields.yml which is ONLY the CLF, and not the full Squid format (10 fields).
This work will require us to map the squid.* fields into corresponding ECS ones. I believe we'll do similar work to what was done for nginx, including the use of aliases: https://www.elastic.co/guide/en/beats/filebeat/current/exported-fields-nginx.html
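
Added example, not part of the original post and not Filebeat's own module code: a Python parser that splits the 10-field native Squid access.log format and places each value under an ECS field name. The choice of ECS targets and the `squid.result_code` / `squid.hierarchy_code` names are assumptions made for illustration, and the sample line is constructed.

```python
from datetime import datetime, timezone

NATIVE_FIELD_COUNT = 10  # Squid native access.log: 10 whitespace-separated fields

def _set(doc, dotted, value):
    """Store value under a dotted field name as nested dicts; skip Squid's '-' placeholder."""
    if value in ("-", "", None):
        return
    *parents, leaf = dotted.split(".")
    node = doc
    for key in parents:
        node = node.setdefault(key, {})
    node[leaf] = value

def squid_native_to_ecs(line):
    """Parse one native-format line into a nested, ECS-style document."""
    parts = line.split()
    if len(parts) != NATIVE_FIELD_COUNT:
        raise ValueError(f"expected {NATIVE_FIELD_COUNT} fields, got {len(parts)}")
    ts, elapsed_ms, client, code_status, size, method, url, user, hier_peer, mime = parts
    result_code, _, status = code_status.partition("/")
    hier_code, _, peer = hier_peer.partition("/")
    when = datetime.fromtimestamp(float(ts), tz=timezone.utc)

    doc = {}
    _set(doc, "@timestamp", when.isoformat(timespec="milliseconds"))
    _set(doc, "event.duration", int(elapsed_ms) * 1_000_000)  # ECS uses nanoseconds
    _set(doc, "source.ip", client)
    _set(doc, "http.response.status_code", int(status) if status.isdigit() else None)
    _set(doc, "http.response.bytes", int(size))
    _set(doc, "http.request.method", method)
    _set(doc, "url.original", url)
    _set(doc, "user.name", user)
    _set(doc, "destination.address", peer)
    _set(doc, "http.response.mime_type", mime)
    # No ECS equivalent: kept under assumed squid.* names
    _set(doc, "squid.result_code", result_code)
    _set(doc, "squid.hierarchy_code", hier_code)
    return doc

# Constructed sample line (documentation-range addresses), not real traffic
SAMPLE = ("1700000000.250    120 192.0.2.10 TCP_MISS/200 4512 GET "
          "http://example.com/index.html - HIER_DIRECT/198.51.100.7 text/html")

if __name__ == "__main__":
    import json
    print(json.dumps(squid_native_to_ecs(SAMPLE), indent=2))
```

A CLF-style line does not have 10 fields, so the parser rejects it rather than mis-assigning columns.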