Skip to content
This repository has been archived by the owner on Jul 20, 2018. It is now read-only.

http_version sometimes extracted from wrong field #2

Open
fadenb opened this issue May 12, 2016 · 0 comments
Open

http_version sometimes extracted from wrong field #2

fadenb opened this issue May 12, 2016 · 0 comments
Labels
bug

Comments

@fadenb
Copy link

fadenb commented May 12, 2016

Hey :)

I just found a weird http_version being extracted: v0.18.2
I traced it back to the following message (some parts redacted)

YYYYYYYYYYYY nginx: 151.ZZZ.48.28 - - [11/May/2016:19:07:39 +0000] "GET / HTTP/1.1" 301 178 "http://XXXXXXXXX.de/" "Pcore-HTTP/v0.18.2" "-" <msec=1462993659.671|connection=1121932|connection_requests=1|millis=0.000>

To me it looks like the current http_version extractor rule nginx:.+HTTP/(\S+)" is not specific enough and matches the last occurrence of HTTP/ followed by a string. In this case parts of the user agent matched and were extracted.
@joschi joschi added the bug label May 12, 2016
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@joschi @fadenb