Transform the Squid Message
You can customize your sensor data to provide more meaningful data. For example, you can choose to transform a url to provide the domain name of the outbound connection or the IP address. To do this, you need to add transformation information.
In the Management module, click (edit button) for your sensor.
The Management module displays the schema panel.
In the Schema box, click (expand window button).
The Management module displays the Schema panel and populates it with message, field, and value information.The Sample field, at the top of the panel, displays a parsed version of a sample message from the sensor. The Management module will test your transformations against this parsed message.You can use the right and left arrow buttons in the Sample field to view the parsed version of each sample message available from the sensor.You can apply transformations to an existing field or create a new field. Typically users choose to create and transform a new field, rather than transforming an existing field.
To add a new transformation, either click the next to a field or click the (plus sign) at the bottom of the
The module displays a new dialog box for your transformations.
Choose the field you want to transform from the INPUT
FIELD box, enter the name of the new field in the
NAME field, and then choose a function with the
appropriate parameters in the TRANSFORMATIONS box. You
can apply more than transformation to the input field.
Click SAVE to save your additions.
The Management module populates the Transforms field with the number of transformations applied to the sensor.If you change your mind and want to remove a transformation, click "-" next to the field.
- Click SAVE in the parser panel to save the transformation information.