I am trying to analyse a Squid access log for top 10 reports (top sources, top destinations, etc.).
I imported the log file in
Manager » Data inputs » Files & Directories » Add New
When I keep the sourcetype=automatic, it does not seem to identify the source, destination, etc. fields... it just bundles them into one huge field, which is useless.
Elsewhere in this forum, I found someone using sourcetype=squid_access. Where is this available for the latest version (4.1.4)? If not this, what is the best way of analysing Squid logs in Splunk?