I have installed squidforsplunk on splunk version 4.1.6, build 89596 on FreeBSD 8.1.
Sample log line from squid:
1296200057.055 19 lucas.mwrwin2k.se TCP_MISS/200 91754 GET http://material.svtplay.se/content/1/c8/02/29/43/77/antikmagasinet516.jpg - DIRECT/82.99.28.50 image/jpeg
If I search for the host or url it is not found, but if I do a search for sourcetype=squid, then the record is there.
This is true for many records. Any thoughts as to what the problem might be, or how I can debug it?