Hello everyone,
Data flow:
Squid + Filebeat --> Logstash --> Elasticsearch --> Kibana
I have set up a connection to ship Squid proxy logs through Filebeat. I am able to see the logs and some default fields in Kibana,
but the access log is not parsed yet (it appears as a single message). I came to know that we need a Squid module for this parsing operation, and I believe there is no official Squid module supported/approved by Elastic (if there is one, please throw it my way). How can I perform this parsing operation at the Filebeat level?
Sample log format:
10.x.x.x - [10/Sep/2019:16:36:00 +0000] "CONNECT clientURLXXXX:443 HTTP/1.1" 200 18572 "-" "snowflake/1.0" TCP_TUNNEL:HIER_DIRECT
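
One way to split the sample line above into fields inside Filebeat, as an added example that is not part of the original post. It uses Filebeat's `dissect`, `convert` and `timestamp` processors; the `squid.*` field names, the log path and the Logstash host are assumptions chosen for illustration, and it assumes a Filebeat release that ships all three processors.

```yaml
# Added example (not from the original post). Field names under "squid.",
# the log path and the Logstash host are assumptions for illustration.
filebeat.inputs:
  - type: log
    paths:
      - /var/log/squid/access.log   # assumed location of the Squid access log

processors:
  # Split the raw line on its literal delimiters. Built from the posted sample:
  # 10.x.x.x - [10/Sep/2019:16:36:00 +0000] "CONNECT clientURLXXXX:443 HTTP/1.1" 200 18572 "-" "snowflake/1.0" TCP_TUNNEL:HIER_DIRECT
  - dissect:
      field: "message"
      target_prefix: "squid"
      tokenizer: '%{client_ip} %{user} [%{time}] "%{method} %{target} %{protocol}" %{status} %{bytes} "%{referrer}" "%{user_agent}" %{result_code}:%{hierarchy_code}'

  # dissect yields strings; convert the numeric fields so Kibana can
  # aggregate on them (for example, bytes transferred per CONNECT tunnel).
  - convert:
      fields:
        - {from: "squid.status", type: "integer"}
        - {from: "squid.bytes", type: "long"}
      ignore_missing: true
      fail_on_error: false

  # Use the time Squid logged the request, not the time Filebeat read the line.
  # The layout is Go's reference time written in the sample's format.
  - timestamp:
      field: "squid.time"
      layouts:
        - '02/Jan/2006:15:04:05 -0700'
      test:
        - '10/Sep/2019:16:36:00 +0000'

output.logstash:
  hosts: ["localhost:5044"]   # assumed Logstash endpoint
```

The tokenizer matches the line exactly as posted; if the Squid `logformat` directive produces a different field order, the tokenizer has to be changed to match it.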