Filtering proxy domains



we integrating at the moment graylog to our structure. Now we would like to log our proxy squid. Now we have one problem.

The domain is show´n as „“ instead of „“ . Is there a way to filter the domain?

Or how does the extractor look like?

Best regards

(Jochen) #2

Which domain? Please elaborate on what you’re trying to accomplish.

This being said, there’s a content pack for Squid on the Graylog Marketplace:


If you mean you you have a field called “domain” that contains and you want to get rid of everything before the first stop, you can try creating a regex extractor for the field

as a regex (try the Try-button to see if it produces what you want).

Then make the extractor save the result in the field domain (you can overwrite the field with an extractor).