You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@metron.apache.org by "Casey Stella (JIRA)" <ji...@apache.org> on 2016/06/15 21:48:09 UTC

[jira] [Created] (METRON-229) Squid parser does not parse entries which do not resolve to IPs

Casey Stella created METRON-229:
-----------------------------------

             Summary: Squid parser does not parse entries which do not resolve to IPs
                 Key: METRON-229
                 URL: https://issues.apache.org/jira/browse/METRON-229
             Project: Metron
          Issue Type: Bug
            Reporter: Casey Stella


squidclient http://finance.www.google.co.uk yields

1466026826.527     53 127.0.0.1 TCP_MISS/503 3774 GET http://finance.www.google.co.uk/ - DIRECT/finance.www.google.co.uk text/html

The Grok pattern assumes the word coming after DIRECT is an IP.  This assumes the URL is resolvable to an IP (which in this case, it is not).  The result is an non-parseable message.  We should be able to parse this.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)