Welcome to the Splunk for Squid app! This app provides field extractions for Squid access logs as well as a dashboard and a request search interface.
This app is maintained by Patrik Nordlen. Suggestions and bug reports are appreciated.
To install, extract the .spl file into $SPLUNK_HOME/etc/apps.
You will need to enable the appropriate inputs, either via inputs.conf, or through the Manager in the Splunk GUI. Splunk for Squid expects Squid access logs to have a sourcetype of "squid".
The most basic feature provided by this app is to extract fields from Squid access logs. The following fields are extracted:
These field extractions are applied to all logs with sourcetype "squid".
The app includes a custom search interface for Squid requests, available under "Request search". This interface shows tables and statistics for requests handled by Squid.
A traffic dashboard is provided, showing statistics over time for the number of requests and the bandwidth consumed, as well as statistics on the most prominent client IP addresses and destination sites.
Bugfix release, fixing two bugs:
- The time format regex used was incorrect, so the event time in the Squid logs was not used. Fixed.
- The requests search interface would not work properly with realtime searches. Fixed (kind of).