Filtering proxy domains

Hello,

We are currently integrating Graylog into our structure. Now we would like to log our Squid proxy. Now we have one problem.

The domain is shown as "example.google.com" instead of "google.com". Is there a way to filter the domain?

Or what does the extractor look like?

Best regards

Which domain? Please elaborate on what you’re trying to accomplish.

This being said, there’s a content pack for Squid on the Graylog Marketplace: the NEW Marketplace - Graylog Community

If you mean you have a field called “domain” that contains example.google.com and you want to get rid of everything before the first stop, you can try creating a regex extractor for the field

try
^.*?\.(.*)$
as a regex (try the Try-button to see if it produces what you want).

Then make the extractor save the result in the field domain (you can overwrite the field with an extractor).
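
An added example, not part of any post in this thread: it runs an anchored first-label-stripping pattern in the style suggested above over constructed hostnames, next to a normalizer that keeps the suffix plus one label whatever the subdomain depth. It uses Python's `re` rather than Graylog's regex engine; the function names and the small suffix set are assumptions made for illustration.

```python
import re

# Pattern in the style suggested in the thread: drop everything up to the first dot.
STRIP_FIRST_LABEL = re.compile(r"^.*?\.(.*)$")

# Constructed, deliberately tiny set of multi-label public suffixes (assumption);
# real log normalization would load the full Public Suffix List.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def strip_first_label(host):
    """Emulate the regex extractor: return capture group 1, or host if no match."""
    m = STRIP_FIRST_LABEL.search(host)
    return m.group(1) if m else host


def base_domain(host):
    """Reduce a hostname to suffix plus one label, regardless of subdomain depth."""
    host = host.strip().rstrip(".").lower()
    # Squid logs CONNECT targets as host:port; drop the port if present.
    if re.search(r":\d+$", host):
        host = host.rsplit(":", 1)[0]
    # Leave IPv4 literals untouched; they have no domain hierarchy.
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
        return host
    labels = host.split(".")
    if len(labels) <= 2:
        return host
    keep = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


# Constructed sample hostnames as they might appear in a proxy "domain" field.
SAMPLES = ["example.google.com", "google.com", "a.b.google.com",
           "www.bbc.co.uk", "mail.google.com:443", "192.0.2.10"]

if __name__ == "__main__":
    for h in SAMPLES:
        print(f"{h:22} strip_first={strip_first_label(h):16} base={base_domain(h)}")
```

Stripping only the first label turns a bare "google.com" into "com" and leaves "b.google.com" for a two-level subdomain, so dashboards or alerts that group proxy traffic by domain would split or mislabel the same site.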