Hello,
we integrating at the moment graylog to our structure. Now we would like to log our proxy squid. Now we have one problem.
The domain is show´n as „example.google.com“ instead of „google.com“ . Is there a way to filter the domain?
Or how does the extractor look like?
Best regards
Which domain? Please elaborate on what you’re trying to accomplish.
This being said, there’s a content pack for Squid on the Graylog Marketplace: https://marketplace.graylog.org/addons/bd3efa5f-6ccb-47ce-97ea-6ebe0270a9c7
If you mean you you have a field called “domain” that contains example.google.com and you want to get rid of everything before the first stop, you can try creating a regex extractor for the field
try
.*?\.(.*?)
as a regex (try the Try-button to see if it produces what you want).
Then make the extractor save the result in the field domain (you can overwrite the field with an extractor).