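---
# Vector pipeline: tail the Squid / ufdbGuard proxy logs and parse access.log
# lines into structured fields under `.squid`.
sources:
  in_logs_squid:
    type: file
    include:
      - /var/log/squid/access.log
      - /var/log/squid/cache.log
      - /var/log/squid/ufdbgclient.log
      - /var/log/ufdbguard/ufdbguardd.log

transforms:
  format_logs_squid:
    type: remap
    inputs: ["in_logs_squid"]
    source: |
      # Only access.log is parsed in this section. Events from the other three
      # files skip this branch and keep their raw `.message`.
      # `.file` is the path the file source attaches to each event.
      if (.file == "/var/log/squid/access.log") {
        # NOTE(review): the pattern starts with HTTPDATE, so it presumably
        # matches a custom `logformat` rather than Squid's native
        # epoch-timestamp layout. Confirm against squid.conf.
        #
        # The host group was `(?\\S+?)`, which is not a valid group construct;
        # the capture name had evidently been lost. `url_domain` is a
        # reconstructed name. Confirm it against whatever consumes `.squid`.
        #
        # `parse_grok!` raises a runtime error on any line that does not match.
        # `drop_on_error` / `reroute_dropped` are not set here, so the remap
        # defaults decide what happens to such events. Watch the transform's
        # error count so unparsed proxy lines are not silently missing from
        # detections.
        .squid = parse_grok!(
          .message,
          "%{HTTPDATE:timestamp}\\s+%{NUMBER:response_time} %{IPORHOST:src_ip} %{NOTSPACE:squid_request_status}/%{NUMBER:http_status_code} %{NUMBER:transfer_size} %{NOTSPACE:http_method} (%{URIPROTO:url_scheme}://)?(?<url_domain>\\S+?)(:%{INT:url_port})?(/%{NOTSPACE:url_path})?\\s+%{NOTSPACE:client_identity}\\s+%{NOTSPACE:peer_code}/%{NOTSPACE:peerhost}\\s+%{NOTSPACE:content_type}"
        )
      }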