[squid] Follow up items for Squid rewrite

elastic / integrations

Elastic Integrations

https://www.elastic.co/integrations

Other

194 stars 422 forks source link

[squid] Follow up items for Squid rewrite #10920

Open taylor-swanson opened 2 weeks ago

taylor-swanson commented 2 weeks ago

The Squid integration was rewritten to use ingest pipelines in #10770. There are a few more tasks needing to be done:

Build a dashboard for Squid (there was no existing dashboard)
Improve the README/documentation

Acceptance Criteria

Dashboard for Squid has been added
Documentation for Squid has been improved. Includes at the very least:
- Setup instructions on the Squid side
- Supported formats (only Access log at the moment)
- Field documentation
- Sample event

elasticmachine commented 2 weeks ago

Pinging @elastic/sec-deployment-and-devices (Team:Security-Deployment and Devices)

andrewkroh commented 2 weeks ago

Is #6768 relevant for squid after the rewrite? If not, can you amend that issue to make this clear.

(I was checking to see if there were any open issues tagged with squid.)

taylor-swanson commented 2 weeks ago

Is #6768 relevant for squid after the rewrite? If not, can you amend that issue to make this clear.

(I was checking to see if there were any open issues tagged with squid.)

Good question. For right now, I don't think so. The timestamp in Squid's access log is a UTC unix timestamp, so a separate time zone config isn't necessary.

EDIT: Just read closer and that referred to the add_locale processor specifically. Let me check... EDIT2: add_locale is no longer, so no action needed here.