Hi, how do I configure Splunk for Squid to parse Squid ver. 3.1 logs? Out of the box, SplunkForSquid can't find any events, although there are thousands of Squid events in my Splunk installation. Can someone please help? I've tried formatting the access.log as follows.
logformat custom %tu %>a %Ss %<Hs %st %rm % >ru %<A %rp %un %sh %<a %mt
duration tu
clientip >a
action Ss
http_status <Hs
bytes st
method rm
uri ru
uri_host <A
uri_path rp
username un
hierarchy (Can find appropriate code, sh not available)
server_ip <a
content_type mt
Regards,
John
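The following is an added example, not part of the original post and not SplunkForSquid's own code: a Python check that a log line carries the 13 whitespace-separated fields, in the order of the field list in the post, before any extraction is relied on. It assumes every value is a single token without spaces and that Squid writes "-" for an empty value; the sample lines are constructed.

```python
import re

# Field names in the order given in the post's field list.
FIELDS = ["duration", "clientip", "action", "http_status", "bytes", "method",
          "uri", "uri_host", "uri_path", "username", "hierarchy",
          "server_ip", "content_type"]

# One named group per field, separated by runs of whitespace.
# Assumption: no field value contains a space.
LINE_RE = re.compile(
    r"^\s*" + r"\s+".join(rf"(?P<{f}>\S+)" for f in FIELDS) + r"\s*$")


def parse_line(line):
    """Return a field dict for a line in the 13-field layout, else None."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    # Assumption: "-" marks an empty value, so map it to None.
    return {k: (None if v == "-" else v) for k, v in m.groupdict().items()}


def coverage(lines):
    """Count (parsed, rejected) so a layout mismatch is visible at a glance."""
    parsed = sum(1 for ln in lines if parse_line(ln) is not None)
    return parsed, len(lines) - parsed


# Constructed sample in the 13-field layout.
CUSTOM_SAMPLE = ("123 192.0.2.10 TCP_MISS 200 1514 GET "
                 "http://example.com/index.html example.com /index.html "
                 "- DIRECT 198.51.100.7 text/html")

# Constructed sample in a different, 10-token layout; it must be rejected.
OTHER_SAMPLE = ("1286536309.450 917 192.0.2.10 TCP_MISS/200 1514 GET "
                "http://example.com/ - DIRECT/198.51.100.7 text/html")

if __name__ == "__main__":
    print(parse_line(CUSTOM_SAMPLE))
    print(coverage([CUSTOM_SAMPLE, OTHER_SAMPLE]))
```

Running `coverage` over a sample of indexed events shows how many lines actually follow the layout the extraction expects.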