Splunk® Supported Add-ons

Splunk Add-on for Squid Proxy

Troubleshoot the Splunk Add-on for Squid Proxy

General troubleshooting

For helpful troubleshooting tips that you can apply to all add-ons, see "Troubleshoot add-ons" in Splunk Add-ons. For additional resources, see "Support and resource links for add-ons" in Splunk Add-ons.

Squid does not restart when you modify the format

Check the status of the squid server after adding the new logformat splunk_recommended_squid. If you see unknown errors and the restart is not successful, check the cache.log for errors:

fopen: No such file or directory
:
:
2020/11/30 06:19:15 kid1| logfileHandleWrite: daemon:/var/logs/squid/access.log: error writing ((32) Broken pipe)
:

One cause is that the access logs may not be in the correct location. Open squid.conf in edit mode and update the path for the access log daemon. For example, if the correct path is /var/log/squid/access.log, the path will be:

access_log daemon:/var/log/squid/access.log splunk_recommended_squid
Last modified on 04 December, 2023
Configure monitor input for the Splunk Add-on for Squid Proxy   Lookups for the Splunk Add-on for Squid Proxy

This documentation applies to the following versions of Splunk® Supported Add-ons: released


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters