HTTPD_COMBINEDLOG pattern conflicts with ECS v1.0

Question

HTTPD_COMBINEDLOG pattern conflicts with ECS v1.0

C-Duv opened this issue 5 years ago · comments

The HTTPD_COMBINEDLOG pattern creates a agent field which conflicts with the agent field of ECS 1.0.

Brandon Hume · Answer 1 · Sat Jun 22 2019 01:07:55 GMT+0800 (China Standard Time)

I'm running into this as well. I'd propose renaming the match to "useragent", and I will in my own configuration, but I'm not sure what kind of downstream effects that'll have.

Henrique Oliveira · Answer 2 · Fri Sep 13 2019 21:18:33 GMT+0800 (China Standard Time)

any workaround for this?

tcassaert · Answer 3 · Thu Oct 03 2019 19:34:13 GMT+0800 (China Standard Time)

What I've done is replacing the HTTPD_COMBINEDLOG pattern with %{HTTPD_COMMONLOG} %{QS:referrer} %{QS:client_agent}. This avoids having a conflicting agent field.

Daniel Santos · Answer 4 · Sat Jan 11 2020 08:13:42 GMT+0800 (China Standard Time)

Faced the same issue and used the workaround @tcassaert suggested. I'd suggest to have the agent changed to useragent