Squid parsers config

squid2.json

{
  "parserClassName": "org.apache.metron.parsers.GrokParser",
  "filterClassName": null,
  "sensorTopic": "squid2",
  "writerClassName": null,
  "errorWriterClassName": null,
  "invalidWriterClassName": null,
  "readMetadata": false,
  "mergeMetadata": false,
  "numWorkers": null,
  "numAckers": null,
  "spoutParallelism": 1,
  "spoutNumTasks": 1,
  "parserParallelism": 1,
  "parserNumTasks": 1,
  "errorWriterParallelism": 1,
  "errorWriterNumTasks": 1,
  "spoutConfig": null,
  "securityProtocol": null,
  "stormConfig": null,
  "parserConfig": {
    "grokPath": "/patterns/squid",
    "patternLabel": "SQUID_DELIMITED",
    "timestampField": "timestamp"
  },
  "fieldTransformations": [
    {
      "input": [],
      "output": [
        "full_hostname",
        "domain_without_subdomains",
        "count_unique_dist_addr",
        "is_alert"
      ],
      "transformation": "STELLAR",
      "config": {
        "full_hostname": "URL_TO_HOST(url)",
        "domain_without_subdomains": "DOMAIN_REMOVE_SUBDOMAINS(full_hostname)",
        "count_unique_dist_addr": "REDUCE(PROFILE_GET( 'count_unique_dist_addr', ip_dst_addr, PROFILE_FIXED(1, 'DAYS')), (sum, x) -> sum + x, 0)",
        "is_alert": true
      }
    }
  ]
}