diff --git a/.tests/angie_http-logs/angie_http-logs.log b/.tests/angie_http-logs/angie_http-logs.log
new file mode 100644
index 00000000000..4d6cfc74ddd
--- /dev/null
+++ b/.tests/angie_http-logs/angie_http-logs.log
@@ -0,0 +1,7 @@
+192.168.1.1 - - [04/Jan/2020:07:25:02 +0000] "GET /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo HTTP/1.1" 404 522 "-" "Go-http-client/1.1"
+192.168.1.1 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
+192.168.1.1 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
+www.crowdsec.net 192.168.1.1 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
+www.crowdsec11.net 192.168.1.1 - - [08/Jun/2020:08:04:43 +0000] "GET /test/uppercase/extensions.JPG HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
+www.crowdsec11.net:80 192.168.1.1 - - [08/Jun/2020:08:04:43 +0000] "GET /test/uppercase/extensions.JPG HTTP/1.1" 301 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
+2021/12/01 13:53:33 [error] 31#31: *46 "/usr/share/angie/html/market/index.html" is not found (2: No such file or directory), client: 172.17.0.1, server: localhost, request: "GET /market/ HTTP/1.1", host: "localhost"
diff --git a/.tests/angie_http-logs/config.yaml b/.tests/angie_http-logs/config.yaml
new file mode 100644
index 00000000000..b44eab31265
--- /dev/null
+++ b/.tests/angie_http-logs/config.yaml
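Review bot: Every access-log line in the fixture uses the same dotted-quad private client (192.168.1.1), the GET verb, `-` for remote_user and a user-agent without embedded quotes, so the assertions generated from it cannot tell whether `remote_addr`/`source_ip` extraction is anchored to IPv4 only or whether a quoted `"` inside a user-agent field breaks tokenisation — the angie-logs.yaml parser itself is not in this diff, so this is inferred from what the fixture can exercise rather than from its regex. Adding one line with an IPv6 client, one with a non-`-` remote_user and one non-GET request would pin those paths before this parser is relied on for decisions. The last entry is an error-log line in a file named as an access log; that is fine for the hubtest, but worth a one-line mention in the PR description so the mixed format does not look accidental.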
@@ -0,0 +1,11 @@
+parsers:
+ - crowdsecurity/syslog-logs
+ - ./parsers/s01-parse/marat2509/angie-logs.yaml
+ - crowdsecurity/http-logs
+ - crowdsecurity/dateparse-enrich
+scenarios:
+ - ""
+postoverflows:
+ - ""
+log_file: angie_http-logs.log
+log_type: angie
diff --git a/.tests/angie_http-logs/parser.assert b/.tests/angie_http-logs/parser.assert
new file mode 100644
index 00000000000..2d7e998a2a0
--- /dev/null
+++ b/.tests/angie_http-logs/parser.assert
@@ -0,0 +1,628 @@ +len(results) == 4 +len(results["s00-raw"]["crowdsecurity/non-syslog"]) == 7 +results["s00-raw"]["crowdsecurity/non-syslog"][0].Success == true +results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Parsed["message"] == "192.168.1.1 - - [04/Jan/2020:07:25:02 +0000] \"GET /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo HTTP/1.1\" 404 522 \"-\" \"Go-http-client/1.1\"" +results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Parsed["program"] == "angie" +basename(results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Meta["datasource_path"]) == "angie_http-logs.log" +results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Whitelisted == false +results["s00-raw"]["crowdsecurity/non-syslog"][1].Success == true +results["s00-raw"]["crowdsecurity/non-syslog"][1].Evt.Parsed["message"] == "192.168.1.1 - - [04/Jan/2020:08:41:43 +0000] \"GET /index.php/nous-contacter/ HTTP/1.1\" 500 550 \"-\" \"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)\"" +results["s00-raw"]["crowdsecurity/non-syslog"][1].Evt.Parsed["program"] == "angie" +basename(results["s00-raw"]["crowdsecurity/non-syslog"][1].Evt.Meta["datasource_path"]) == "angie_http-logs.log" +results["s00-raw"]["crowdsecurity/non-syslog"][1].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][1].Evt.Whitelisted == false +results["s00-raw"]["crowdsecurity/non-syslog"][2].Success == true +results["s00-raw"]["crowdsecurity/non-syslog"][2].Evt.Parsed["message"] == "192.168.1.1 - - [08/Jun/2020:08:04:43 +0000] \"GET /solr/admin/info/system?wt=json HTTP/1.1\" 500 803 \"-\" \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36\"" +results["s00-raw"]["crowdsecurity/non-syslog"][2].Evt.Parsed["program"] == "angie" +basename(results["s00-raw"]["crowdsecurity/non-syslog"][2].Evt.Meta["datasource_path"]) == 
"angie_http-logs.log" +results["s00-raw"]["crowdsecurity/non-syslog"][2].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][2].Evt.Whitelisted == false +results["s00-raw"]["crowdsecurity/non-syslog"][3].Success == true +results["s00-raw"]["crowdsecurity/non-syslog"][3].Evt.Parsed["message"] == "www.crowdsec.net 192.168.1.1 - - [08/Jun/2020:08:04:43 +0000] \"GET /solr/admin/info/system?wt=json HTTP/1.1\" 500 803 \"-\" \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36\"" +results["s00-raw"]["crowdsecurity/non-syslog"][3].Evt.Parsed["program"] == "angie" +basename(results["s00-raw"]["crowdsecurity/non-syslog"][3].Evt.Meta["datasource_path"]) == "angie_http-logs.log" +results["s00-raw"]["crowdsecurity/non-syslog"][3].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][3].Evt.Whitelisted == false +results["s00-raw"]["crowdsecurity/non-syslog"][4].Success == true +results["s00-raw"]["crowdsecurity/non-syslog"][4].Evt.Parsed["message"] == "www.crowdsec11.net 192.168.1.1 - - [08/Jun/2020:08:04:43 +0000] \"GET /test/uppercase/extensions.JPG HTTP/1.1\" 500 803 \"-\" \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36\"" +results["s00-raw"]["crowdsecurity/non-syslog"][4].Evt.Parsed["program"] == "angie" +basename(results["s00-raw"]["crowdsecurity/non-syslog"][4].Evt.Meta["datasource_path"]) == "angie_http-logs.log" +results["s00-raw"]["crowdsecurity/non-syslog"][4].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][4].Evt.Whitelisted == false +results["s00-raw"]["crowdsecurity/non-syslog"][5].Success == true +results["s00-raw"]["crowdsecurity/non-syslog"][5].Evt.Parsed["message"] == "www.crowdsec11.net:80 192.168.1.1 - - [08/Jun/2020:08:04:43 +0000] \"GET /test/uppercase/extensions.JPG HTTP/1.1\" 301 0 \"-\" \"Mozilla/5.0 (Windows NT 10.0; 
Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36\"" +results["s00-raw"]["crowdsecurity/non-syslog"][5].Evt.Parsed["program"] == "angie" +basename(results["s00-raw"]["crowdsecurity/non-syslog"][5].Evt.Meta["datasource_path"]) == "angie_http-logs.log" +results["s00-raw"]["crowdsecurity/non-syslog"][5].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][5].Evt.Whitelisted == false +results["s00-raw"]["crowdsecurity/non-syslog"][6].Success == true +results["s00-raw"]["crowdsecurity/non-syslog"][6].Evt.Parsed["message"] == "2021/12/01 13:53:33 [error] 31#31: *46 \"/usr/share/angie/html/market/index.html\" is not found (2: No such file or directory), client: 172.17.0.1, server: localhost, request: \"GET /market/ HTTP/1.1\", host: \"localhost\"" +results["s00-raw"]["crowdsecurity/non-syslog"][6].Evt.Parsed["program"] == "angie" +basename(results["s00-raw"]["crowdsecurity/non-syslog"][6].Evt.Meta["datasource_path"]) == "angie_http-logs.log" +results["s00-raw"]["crowdsecurity/non-syslog"][6].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][6].Evt.Whitelisted == false +len(results["s00-raw"]["crowdsecurity/syslog-logs"]) == 7 +results["s00-raw"]["crowdsecurity/syslog-logs"][0].Success == false +results["s00-raw"]["crowdsecurity/syslog-logs"][1].Success == false +results["s00-raw"]["crowdsecurity/syslog-logs"][2].Success == false +results["s00-raw"]["crowdsecurity/syslog-logs"][3].Success == false +results["s00-raw"]["crowdsecurity/syslog-logs"][4].Success == false +results["s00-raw"]["crowdsecurity/syslog-logs"][5].Success == false +results["s00-raw"]["crowdsecurity/syslog-logs"][6].Success == false +len(results["s01-parse"]["marat2509/angie-logs"]) == 7 +results["s01-parse"]["marat2509/angie-logs"][0].Success == true +results["s01-parse"]["marat2509/angie-logs"][0].Evt.Parsed["body_bytes_sent"] == "522" 
+results["s01-parse"]["marat2509/angie-logs"][0].Evt.Parsed["http_referer"] == "-" +results["s01-parse"]["marat2509/angie-logs"][0].Evt.Parsed["http_user_agent"] == "Go-http-client/1.1" +results["s01-parse"]["marat2509/angie-logs"][0].Evt.Parsed["http_version"] == "1.1" +results["s01-parse"]["marat2509/angie-logs"][0].Evt.Parsed["message"] == "192.168.1.1 - - [04/Jan/2020:07:25:02 +0000] \"GET /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo HTTP/1.1\" 404 522 \"-\" \"Go-http-client/1.1\"" +results["s01-parse"]["marat2509/angie-logs"][0].Evt.Parsed["program"] == "angie" +results["s01-parse"]["marat2509/angie-logs"][0].Evt.Parsed["remote_addr"] == "192.168.1.1" +results["s01-parse"]["marat2509/angie-logs"][0].Evt.Parsed["remote_user"] == "-" +results["s01-parse"]["marat2509/angie-logs"][0].Evt.Parsed["request"] == "/.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo" +results["s01-parse"]["marat2509/angie-logs"][0].Evt.Parsed["status"] == "404" +results["s01-parse"]["marat2509/angie-logs"][0].Evt.Parsed["time_local"] == "04/Jan/2020:07:25:02 +0000" +results["s01-parse"]["marat2509/angie-logs"][0].Evt.Parsed["verb"] == "GET" +basename(results["s01-parse"]["marat2509/angie-logs"][0].Evt.Meta["datasource_path"]) == "angie_http-logs.log" +results["s01-parse"]["marat2509/angie-logs"][0].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["marat2509/angie-logs"][0].Evt.Meta["http_path"] == "/.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo" +results["s01-parse"]["marat2509/angie-logs"][0].Evt.Meta["http_status"] == "404" +results["s01-parse"]["marat2509/angie-logs"][0].Evt.Meta["http_user_agent"] == "Go-http-client/1.1" +results["s01-parse"]["marat2509/angie-logs"][0].Evt.Meta["http_verb"] == "GET" +results["s01-parse"]["marat2509/angie-logs"][0].Evt.Meta["log_type"] == "http_access-log" +results["s01-parse"]["marat2509/angie-logs"][0].Evt.Meta["service"] == "http" +results["s01-parse"]["marat2509/angie-logs"][0].Evt.Meta["source_ip"] == "192.168.1.1" 
+results["s01-parse"]["marat2509/angie-logs"][0].Evt.Whitelisted == false +results["s01-parse"]["marat2509/angie-logs"][1].Success == true +results["s01-parse"]["marat2509/angie-logs"][1].Evt.Parsed["body_bytes_sent"] == "550" +results["s01-parse"]["marat2509/angie-logs"][1].Evt.Parsed["http_referer"] == "-" +results["s01-parse"]["marat2509/angie-logs"][1].Evt.Parsed["http_user_agent"] == "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" +results["s01-parse"]["marat2509/angie-logs"][1].Evt.Parsed["http_version"] == "1.1" +results["s01-parse"]["marat2509/angie-logs"][1].Evt.Parsed["message"] == "192.168.1.1 - - [04/Jan/2020:08:41:43 +0000] \"GET /index.php/nous-contacter/ HTTP/1.1\" 500 550 \"-\" \"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)\"" +results["s01-parse"]["marat2509/angie-logs"][1].Evt.Parsed["program"] == "angie" +results["s01-parse"]["marat2509/angie-logs"][1].Evt.Parsed["remote_addr"] == "192.168.1.1" +results["s01-parse"]["marat2509/angie-logs"][1].Evt.Parsed["remote_user"] == "-" +results["s01-parse"]["marat2509/angie-logs"][1].Evt.Parsed["request"] == "/index.php/nous-contacter/" +results["s01-parse"]["marat2509/angie-logs"][1].Evt.Parsed["status"] == "500" +results["s01-parse"]["marat2509/angie-logs"][1].Evt.Parsed["time_local"] == "04/Jan/2020:08:41:43 +0000" +results["s01-parse"]["marat2509/angie-logs"][1].Evt.Parsed["verb"] == "GET" +basename(results["s01-parse"]["marat2509/angie-logs"][1].Evt.Meta["datasource_path"]) == "angie_http-logs.log" +results["s01-parse"]["marat2509/angie-logs"][1].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["marat2509/angie-logs"][1].Evt.Meta["http_path"] == "/index.php/nous-contacter/" +results["s01-parse"]["marat2509/angie-logs"][1].Evt.Meta["http_status"] == "500" +results["s01-parse"]["marat2509/angie-logs"][1].Evt.Meta["http_user_agent"] == "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" 
+results["s01-parse"]["marat2509/angie-logs"][1].Evt.Meta["http_verb"] == "GET" +results["s01-parse"]["marat2509/angie-logs"][1].Evt.Meta["log_type"] == "http_access-log" +results["s01-parse"]["marat2509/angie-logs"][1].Evt.Meta["service"] == "http" +results["s01-parse"]["marat2509/angie-logs"][1].Evt.Meta["source_ip"] == "192.168.1.1" +results["s01-parse"]["marat2509/angie-logs"][1].Evt.Whitelisted == false +results["s01-parse"]["marat2509/angie-logs"][2].Success == true +results["s01-parse"]["marat2509/angie-logs"][2].Evt.Parsed["body_bytes_sent"] == "803" +results["s01-parse"]["marat2509/angie-logs"][2].Evt.Parsed["http_referer"] == "-" +results["s01-parse"]["marat2509/angie-logs"][2].Evt.Parsed["http_user_agent"] == "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" +results["s01-parse"]["marat2509/angie-logs"][2].Evt.Parsed["http_version"] == "1.1" +results["s01-parse"]["marat2509/angie-logs"][2].Evt.Parsed["message"] == "192.168.1.1 - - [08/Jun/2020:08:04:43 +0000] \"GET /solr/admin/info/system?wt=json HTTP/1.1\" 500 803 \"-\" \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36\"" +results["s01-parse"]["marat2509/angie-logs"][2].Evt.Parsed["program"] == "angie" +results["s01-parse"]["marat2509/angie-logs"][2].Evt.Parsed["remote_addr"] == "192.168.1.1" +results["s01-parse"]["marat2509/angie-logs"][2].Evt.Parsed["remote_user"] == "-" +results["s01-parse"]["marat2509/angie-logs"][2].Evt.Parsed["request"] == "/solr/admin/info/system?wt=json" +results["s01-parse"]["marat2509/angie-logs"][2].Evt.Parsed["status"] == "500" +results["s01-parse"]["marat2509/angie-logs"][2].Evt.Parsed["time_local"] == "08/Jun/2020:08:04:43 +0000" +results["s01-parse"]["marat2509/angie-logs"][2].Evt.Parsed["verb"] == "GET" +basename(results["s01-parse"]["marat2509/angie-logs"][2].Evt.Meta["datasource_path"]) == "angie_http-logs.log" 
+results["s01-parse"]["marat2509/angie-logs"][2].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["marat2509/angie-logs"][2].Evt.Meta["http_path"] == "/solr/admin/info/system?wt=json" +results["s01-parse"]["marat2509/angie-logs"][2].Evt.Meta["http_status"] == "500" +results["s01-parse"]["marat2509/angie-logs"][2].Evt.Meta["http_user_agent"] == "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" +results["s01-parse"]["marat2509/angie-logs"][2].Evt.Meta["http_verb"] == "GET" +results["s01-parse"]["marat2509/angie-logs"][2].Evt.Meta["log_type"] == "http_access-log" +results["s01-parse"]["marat2509/angie-logs"][2].Evt.Meta["service"] == "http" +results["s01-parse"]["marat2509/angie-logs"][2].Evt.Meta["source_ip"] == "192.168.1.1" +results["s01-parse"]["marat2509/angie-logs"][2].Evt.Whitelisted == false +results["s01-parse"]["marat2509/angie-logs"][3].Success == true +results["s01-parse"]["marat2509/angie-logs"][3].Evt.Parsed["body_bytes_sent"] == "803" +results["s01-parse"]["marat2509/angie-logs"][3].Evt.Parsed["http_referer"] == "-" +results["s01-parse"]["marat2509/angie-logs"][3].Evt.Parsed["http_user_agent"] == "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" +results["s01-parse"]["marat2509/angie-logs"][3].Evt.Parsed["http_version"] == "1.1" +results["s01-parse"]["marat2509/angie-logs"][3].Evt.Parsed["message"] == "www.crowdsec.net 192.168.1.1 - - [08/Jun/2020:08:04:43 +0000] \"GET /solr/admin/info/system?wt=json HTTP/1.1\" 500 803 \"-\" \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36\"" +results["s01-parse"]["marat2509/angie-logs"][3].Evt.Parsed["program"] == "angie" +results["s01-parse"]["marat2509/angie-logs"][3].Evt.Parsed["remote_addr"] == "192.168.1.1" +results["s01-parse"]["marat2509/angie-logs"][3].Evt.Parsed["remote_user"] == "-" 
+results["s01-parse"]["marat2509/angie-logs"][3].Evt.Parsed["request"] == "/solr/admin/info/system?wt=json" +results["s01-parse"]["marat2509/angie-logs"][3].Evt.Parsed["status"] == "500" +results["s01-parse"]["marat2509/angie-logs"][3].Evt.Parsed["target_fqdn"] == "www.crowdsec.net" +results["s01-parse"]["marat2509/angie-logs"][3].Evt.Parsed["time_local"] == "08/Jun/2020:08:04:43 +0000" +results["s01-parse"]["marat2509/angie-logs"][3].Evt.Parsed["verb"] == "GET" +basename(results["s01-parse"]["marat2509/angie-logs"][3].Evt.Meta["datasource_path"]) == "angie_http-logs.log" +results["s01-parse"]["marat2509/angie-logs"][3].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["marat2509/angie-logs"][3].Evt.Meta["http_path"] == "/solr/admin/info/system?wt=json" +results["s01-parse"]["marat2509/angie-logs"][3].Evt.Meta["http_status"] == "500" +results["s01-parse"]["marat2509/angie-logs"][3].Evt.Meta["http_user_agent"] == "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" +results["s01-parse"]["marat2509/angie-logs"][3].Evt.Meta["http_verb"] == "GET" +results["s01-parse"]["marat2509/angie-logs"][3].Evt.Meta["log_type"] == "http_access-log" +results["s01-parse"]["marat2509/angie-logs"][3].Evt.Meta["service"] == "http" +results["s01-parse"]["marat2509/angie-logs"][3].Evt.Meta["source_ip"] == "192.168.1.1" +results["s01-parse"]["marat2509/angie-logs"][3].Evt.Meta["target_fqdn"] == "www.crowdsec.net" +results["s01-parse"]["marat2509/angie-logs"][3].Evt.Whitelisted == false +results["s01-parse"]["marat2509/angie-logs"][4].Success == true +results["s01-parse"]["marat2509/angie-logs"][4].Evt.Parsed["body_bytes_sent"] == "803" +results["s01-parse"]["marat2509/angie-logs"][4].Evt.Parsed["http_referer"] == "-" +results["s01-parse"]["marat2509/angie-logs"][4].Evt.Parsed["http_user_agent"] == "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" 
+results["s01-parse"]["marat2509/angie-logs"][4].Evt.Parsed["http_version"] == "1.1" +results["s01-parse"]["marat2509/angie-logs"][4].Evt.Parsed["message"] == "www.crowdsec11.net 192.168.1.1 - - [08/Jun/2020:08:04:43 +0000] \"GET /test/uppercase/extensions.JPG HTTP/1.1\" 500 803 \"-\" \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36\"" +results["s01-parse"]["marat2509/angie-logs"][4].Evt.Parsed["program"] == "angie" +results["s01-parse"]["marat2509/angie-logs"][4].Evt.Parsed["remote_addr"] == "192.168.1.1" +results["s01-parse"]["marat2509/angie-logs"][4].Evt.Parsed["remote_user"] == "-" +results["s01-parse"]["marat2509/angie-logs"][4].Evt.Parsed["request"] == "/test/uppercase/extensions.JPG" +results["s01-parse"]["marat2509/angie-logs"][4].Evt.Parsed["status"] == "500" +results["s01-parse"]["marat2509/angie-logs"][4].Evt.Parsed["target_fqdn"] == "www.crowdsec11.net" +results["s01-parse"]["marat2509/angie-logs"][4].Evt.Parsed["time_local"] == "08/Jun/2020:08:04:43 +0000" +results["s01-parse"]["marat2509/angie-logs"][4].Evt.Parsed["verb"] == "GET" +basename(results["s01-parse"]["marat2509/angie-logs"][4].Evt.Meta["datasource_path"]) == "angie_http-logs.log" +results["s01-parse"]["marat2509/angie-logs"][4].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["marat2509/angie-logs"][4].Evt.Meta["http_path"] == "/test/uppercase/extensions.JPG" +results["s01-parse"]["marat2509/angie-logs"][4].Evt.Meta["http_status"] == "500" +results["s01-parse"]["marat2509/angie-logs"][4].Evt.Meta["http_user_agent"] == "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" +results["s01-parse"]["marat2509/angie-logs"][4].Evt.Meta["http_verb"] == "GET" +results["s01-parse"]["marat2509/angie-logs"][4].Evt.Meta["log_type"] == "http_access-log" +results["s01-parse"]["marat2509/angie-logs"][4].Evt.Meta["service"] == "http" 
+results["s01-parse"]["marat2509/angie-logs"][4].Evt.Meta["source_ip"] == "192.168.1.1" +results["s01-parse"]["marat2509/angie-logs"][4].Evt.Meta["target_fqdn"] == "www.crowdsec11.net" +results["s01-parse"]["marat2509/angie-logs"][4].Evt.Whitelisted == false +results["s01-parse"]["marat2509/angie-logs"][5].Success == true +results["s01-parse"]["marat2509/angie-logs"][5].Evt.Parsed["body_bytes_sent"] == "0" +results["s01-parse"]["marat2509/angie-logs"][5].Evt.Parsed["http_referer"] == "-" +results["s01-parse"]["marat2509/angie-logs"][5].Evt.Parsed["http_user_agent"] == "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" +results["s01-parse"]["marat2509/angie-logs"][5].Evt.Parsed["http_version"] == "1.1" +results["s01-parse"]["marat2509/angie-logs"][5].Evt.Parsed["message"] == "www.crowdsec11.net:80 192.168.1.1 - - [08/Jun/2020:08:04:43 +0000] \"GET /test/uppercase/extensions.JPG HTTP/1.1\" 301 0 \"-\" \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36\"" +results["s01-parse"]["marat2509/angie-logs"][5].Evt.Parsed["port"] == "80" +results["s01-parse"]["marat2509/angie-logs"][5].Evt.Parsed["program"] == "angie" +results["s01-parse"]["marat2509/angie-logs"][5].Evt.Parsed["remote_addr"] == "192.168.1.1" +results["s01-parse"]["marat2509/angie-logs"][5].Evt.Parsed["remote_user"] == "-" +results["s01-parse"]["marat2509/angie-logs"][5].Evt.Parsed["request"] == "/test/uppercase/extensions.JPG" +results["s01-parse"]["marat2509/angie-logs"][5].Evt.Parsed["status"] == "301" +results["s01-parse"]["marat2509/angie-logs"][5].Evt.Parsed["target_fqdn"] == "www.crowdsec11.net" +results["s01-parse"]["marat2509/angie-logs"][5].Evt.Parsed["time_local"] == "08/Jun/2020:08:04:43 +0000" +results["s01-parse"]["marat2509/angie-logs"][5].Evt.Parsed["verb"] == "GET" +basename(results["s01-parse"]["marat2509/angie-logs"][5].Evt.Meta["datasource_path"]) == 
"angie_http-logs.log" +results["s01-parse"]["marat2509/angie-logs"][5].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["marat2509/angie-logs"][5].Evt.Meta["http_path"] == "/test/uppercase/extensions.JPG" +results["s01-parse"]["marat2509/angie-logs"][5].Evt.Meta["http_status"] == "301" +results["s01-parse"]["marat2509/angie-logs"][5].Evt.Meta["http_user_agent"] == "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" +results["s01-parse"]["marat2509/angie-logs"][5].Evt.Meta["http_verb"] == "GET" +results["s01-parse"]["marat2509/angie-logs"][5].Evt.Meta["log_type"] == "http_access-log" +results["s01-parse"]["marat2509/angie-logs"][5].Evt.Meta["service"] == "http" +results["s01-parse"]["marat2509/angie-logs"][5].Evt.Meta["source_ip"] == "192.168.1.1" +results["s01-parse"]["marat2509/angie-logs"][5].Evt.Meta["target_fqdn"] == "www.crowdsec11.net" +results["s01-parse"]["marat2509/angie-logs"][5].Evt.Whitelisted == false +results["s01-parse"]["marat2509/angie-logs"][6].Success == true +results["s01-parse"]["marat2509/angie-logs"][6].Evt.Parsed["cid"] == "46" +results["s01-parse"]["marat2509/angie-logs"][6].Evt.Parsed["http_version"] == "1.1" +results["s01-parse"]["marat2509/angie-logs"][6].Evt.Parsed["loglevel"] == "error" +results["s01-parse"]["marat2509/angie-logs"][6].Evt.Parsed["message"] == "\"/usr/share/angie/html/market/index.html\" is not found (2: No such file or directory)" +results["s01-parse"]["marat2509/angie-logs"][6].Evt.Parsed["pid"] == "31" +results["s01-parse"]["marat2509/angie-logs"][6].Evt.Parsed["program"] == "angie" +results["s01-parse"]["marat2509/angie-logs"][6].Evt.Parsed["remote_addr"] == "172.17.0.1" +results["s01-parse"]["marat2509/angie-logs"][6].Evt.Parsed["request"] == "/market/" +results["s01-parse"]["marat2509/angie-logs"][6].Evt.Parsed["target_fqdn"] == "localhost" +results["s01-parse"]["marat2509/angie-logs"][6].Evt.Parsed["tid"] == "31" 
+results["s01-parse"]["marat2509/angie-logs"][6].Evt.Parsed["time"] == "2021/12/01 13:53:33" +results["s01-parse"]["marat2509/angie-logs"][6].Evt.Parsed["verb"] == "GET" +basename(results["s01-parse"]["marat2509/angie-logs"][6].Evt.Meta["datasource_path"]) == "angie_http-logs.log" +results["s01-parse"]["marat2509/angie-logs"][6].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["marat2509/angie-logs"][6].Evt.Meta["http_path"] == "/market/" +results["s01-parse"]["marat2509/angie-logs"][6].Evt.Meta["http_verb"] == "GET" +results["s01-parse"]["marat2509/angie-logs"][6].Evt.Meta["log_type"] == "http_error-log" +results["s01-parse"]["marat2509/angie-logs"][6].Evt.Meta["service"] == "http" +results["s01-parse"]["marat2509/angie-logs"][6].Evt.Meta["source_ip"] == "172.17.0.1" +results["s01-parse"]["marat2509/angie-logs"][6].Evt.Meta["target_fqdn"] == "localhost" +results["s01-parse"]["marat2509/angie-logs"][6].Evt.Whitelisted == false +len(results["s02-enrich"]["crowdsecurity/dateparse-enrich"]) == 7 +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["body_bytes_sent"] == "522" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["http_referer"] == "-" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["http_user_agent"] == "Go-http-client/1.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["http_version"] == "1.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["message"] == "192.168.1.1 - - [04/Jan/2020:07:25:02 +0000] \"GET /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo HTTP/1.1\" 404 522 \"-\" \"Go-http-client/1.1\"" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["program"] == "angie" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["remote_addr"] == "192.168.1.1" 
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["remote_user"] == "-" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["request"] == "/.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["status"] == "404" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["time_local"] == "04/Jan/2020:07:25:02 +0000" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["verb"] == "GET" +basename(results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["datasource_path"]) == "angie_http-logs.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["http_path"] == "/.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["http_status"] == "404" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["http_user_agent"] == "Go-http-client/1.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["http_verb"] == "GET" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["log_type"] == "http_access-log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["service"] == "http" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["source_ip"] == "192.168.1.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["timestamp"] == "2020-01-04T07:25:02Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Enriched["MarshaledTime"] == "2020-01-04T07:25:02Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Whitelisted == false +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["body_bytes_sent"] == "550" 
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["http_referer"] == "-" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["http_user_agent"] == "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["http_version"] == "1.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["message"] == "192.168.1.1 - - [04/Jan/2020:08:41:43 +0000] \"GET /index.php/nous-contacter/ HTTP/1.1\" 500 550 \"-\" \"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)\"" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["program"] == "angie" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["remote_addr"] == "192.168.1.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["remote_user"] == "-" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["request"] == "/index.php/nous-contacter/" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["status"] == "500" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["time_local"] == "04/Jan/2020:08:41:43 +0000" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["verb"] == "GET" +basename(results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["datasource_path"]) == "angie_http-logs.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["http_path"] == "/index.php/nous-contacter/" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["http_status"] == "500" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["http_user_agent"] == "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["http_verb"] 
== "GET" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["log_type"] == "http_access-log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["service"] == "http" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["source_ip"] == "192.168.1.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["timestamp"] == "2020-01-04T08:41:43Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Enriched["MarshaledTime"] == "2020-01-04T08:41:43Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Whitelisted == false +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["body_bytes_sent"] == "803" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["http_referer"] == "-" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["http_user_agent"] == "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["http_version"] == "1.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["message"] == "192.168.1.1 - - [08/Jun/2020:08:04:43 +0000] \"GET /solr/admin/info/system?wt=json HTTP/1.1\" 500 803 \"-\" \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36\"" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["program"] == "angie" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["remote_addr"] == "192.168.1.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["remote_user"] == "-" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["request"] == "/solr/admin/info/system?wt=json" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["status"] == "500" 
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["time_local"] == "08/Jun/2020:08:04:43 +0000" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["verb"] == "GET" +basename(results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["datasource_path"]) == "angie_http-logs.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["http_path"] == "/solr/admin/info/system?wt=json" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["http_status"] == "500" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["http_user_agent"] == "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["http_verb"] == "GET" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["log_type"] == "http_access-log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["service"] == "http" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["source_ip"] == "192.168.1.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["timestamp"] == "2020-06-08T08:04:43Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Enriched["MarshaledTime"] == "2020-06-08T08:04:43Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Whitelisted == false +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["body_bytes_sent"] == "803" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["http_referer"] == "-" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["http_user_agent"] == "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) 
Chrome/78.0.3904.108 Safari/537.36" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["http_version"] == "1.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["message"] == "www.crowdsec.net 192.168.1.1 - - [08/Jun/2020:08:04:43 +0000] \"GET /solr/admin/info/system?wt=json HTTP/1.1\" 500 803 \"-\" \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36\"" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["program"] == "angie" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["remote_addr"] == "192.168.1.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["remote_user"] == "-" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["request"] == "/solr/admin/info/system?wt=json" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["status"] == "500" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["target_fqdn"] == "www.crowdsec.net" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["time_local"] == "08/Jun/2020:08:04:43 +0000" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["verb"] == "GET" +basename(results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["datasource_path"]) == "angie_http-logs.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["http_path"] == "/solr/admin/info/system?wt=json" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["http_status"] == "500" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["http_user_agent"] == "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["http_verb"] 
== "GET" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["log_type"] == "http_access-log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["service"] == "http" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["source_ip"] == "192.168.1.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["target_fqdn"] == "www.crowdsec.net" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["timestamp"] == "2020-06-08T08:04:43Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Enriched["MarshaledTime"] == "2020-06-08T08:04:43Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Whitelisted == false +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["body_bytes_sent"] == "803" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["http_referer"] == "-" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["http_user_agent"] == "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["http_version"] == "1.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["message"] == "www.crowdsec11.net 192.168.1.1 - - [08/Jun/2020:08:04:43 +0000] \"GET /test/uppercase/extensions.JPG HTTP/1.1\" 500 803 \"-\" \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36\"" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["program"] == "angie" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["remote_addr"] == "192.168.1.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["remote_user"] == "-" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["request"] == 
"/test/uppercase/extensions.JPG" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["status"] == "500" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["target_fqdn"] == "www.crowdsec11.net" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["time_local"] == "08/Jun/2020:08:04:43 +0000" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["verb"] == "GET" +basename(results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["datasource_path"]) == "angie_http-logs.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["http_path"] == "/test/uppercase/extensions.JPG" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["http_status"] == "500" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["http_user_agent"] == "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["http_verb"] == "GET" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["log_type"] == "http_access-log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["service"] == "http" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["source_ip"] == "192.168.1.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["target_fqdn"] == "www.crowdsec11.net" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["timestamp"] == "2020-06-08T08:04:43Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Enriched["MarshaledTime"] == "2020-06-08T08:04:43Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Whitelisted == false +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Success == true 
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["body_bytes_sent"] == "0" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["http_referer"] == "-" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["http_user_agent"] == "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["http_version"] == "1.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["message"] == "www.crowdsec11.net:80 192.168.1.1 - - [08/Jun/2020:08:04:43 +0000] \"GET /test/uppercase/extensions.JPG HTTP/1.1\" 301 0 \"-\" \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36\"" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["port"] == "80" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["program"] == "angie" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["remote_addr"] == "192.168.1.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["remote_user"] == "-" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["request"] == "/test/uppercase/extensions.JPG" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["status"] == "301" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["target_fqdn"] == "www.crowdsec11.net" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["time_local"] == "08/Jun/2020:08:04:43 +0000" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["verb"] == "GET" +basename(results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["datasource_path"]) == "angie_http-logs.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["datasource_type"] == "file" 
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["http_path"] == "/test/uppercase/extensions.JPG" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["http_status"] == "301" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["http_user_agent"] == "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["http_verb"] == "GET" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["log_type"] == "http_access-log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["service"] == "http" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["source_ip"] == "192.168.1.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["target_fqdn"] == "www.crowdsec11.net" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["timestamp"] == "2020-06-08T08:04:43Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Enriched["MarshaledTime"] == "2020-06-08T08:04:43Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Whitelisted == false +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Parsed["cid"] == "46" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Parsed["http_version"] == "1.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Parsed["loglevel"] == "error" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Parsed["message"] == "\"/usr/share/angie/html/market/index.html\" is not found (2: No such file or directory)" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Parsed["pid"] == "31" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Parsed["program"] == "angie" 
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Parsed["remote_addr"] == "172.17.0.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Parsed["request"] == "/market/" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Parsed["target_fqdn"] == "localhost" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Parsed["tid"] == "31" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Parsed["time"] == "2021/12/01 13:53:33" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Parsed["verb"] == "GET" +basename(results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Meta["datasource_path"]) == "angie_http-logs.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Meta["http_path"] == "/market/" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Meta["http_verb"] == "GET" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Meta["log_type"] == "http_error-log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Meta["service"] == "http" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Meta["source_ip"] == "172.17.0.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Meta["target_fqdn"] == "localhost" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Meta["timestamp"] == "2021-12-01T13:53:33Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Enriched["MarshaledTime"] == "2021-12-01T13:53:33Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Whitelisted == false +len(results["s02-enrich"]["crowdsecurity/http-logs"]) == 7 +results["s02-enrich"]["crowdsecurity/http-logs"][0].Success == true +results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Parsed["body_bytes_sent"] == "522" +results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Parsed["file_dir"] == 
"/.well-known/acme-challenge/" +results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Parsed["file_frag"] == "FMuukC2JOJ5HKmLBujjE_BkDo" +results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Parsed["file_name"] == "FMuukC2JOJ5HKmLBujjE_BkDo" +results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Parsed["http_referer"] == "-" +results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Parsed["http_user_agent"] == "Go-http-client/1.1" +results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Parsed["http_version"] == "1.1" +results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Parsed["impact_completion"] == "false" +results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Parsed["message"] == "192.168.1.1 - - [04/Jan/2020:07:25:02 +0000] \"GET /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo HTTP/1.1\" 404 522 \"-\" \"Go-http-client/1.1\"" +results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Parsed["program"] == "angie" +results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Parsed["remote_addr"] == "192.168.1.1" +results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Parsed["remote_user"] == "-" +results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Parsed["request"] == "/.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo" +results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Parsed["static_ressource"] == "false" +results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Parsed["status"] == "404" +results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Parsed["time_local"] == "04/Jan/2020:07:25:02 +0000" +results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Parsed["verb"] == "GET" +basename(results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Meta["datasource_path"]) == "angie_http-logs.log" +results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Meta["http_args_len"] == "0" +results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Meta["http_path"] 
== "/.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo" +results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Meta["http_status"] == "404" +results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Meta["http_user_agent"] == "Go-http-client/1.1" +results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Meta["http_verb"] == "GET" +results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Meta["log_type"] == "http_access-log" +results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Meta["service"] == "http" +results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Meta["source_ip"] == "192.168.1.1" +results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Meta["timestamp"] == "2020-01-04T07:25:02Z" +results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Enriched["MarshaledTime"] == "2020-01-04T07:25:02Z" +results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Whitelisted == false +results["s02-enrich"]["crowdsecurity/http-logs"][1].Success == true +results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Parsed["body_bytes_sent"] == "550" +results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Parsed["file_dir"] == "/index.php/nous-contacter/" +results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Parsed["http_referer"] == "-" +results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Parsed["http_user_agent"] == "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" +results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Parsed["http_version"] == "1.1" +results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Parsed["impact_completion"] == "true" +results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Parsed["message"] == "192.168.1.1 - - [04/Jan/2020:08:41:43 +0000] \"GET /index.php/nous-contacter/ HTTP/1.1\" 500 550 \"-\" \"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)\"" +results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Parsed["program"] == "angie" 
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Parsed["remote_addr"] == "192.168.1.1" +results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Parsed["remote_user"] == "-" +results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Parsed["request"] == "/index.php/nous-contacter/" +results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Parsed["static_ressource"] == "false" +results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Parsed["status"] == "500" +results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Parsed["time_local"] == "04/Jan/2020:08:41:43 +0000" +results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Parsed["verb"] == "GET" +basename(results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Meta["datasource_path"]) == "angie_http-logs.log" +results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Meta["http_args_len"] == "0" +results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Meta["http_path"] == "/index.php/nous-contacter/" +results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Meta["http_status"] == "500" +results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Meta["http_user_agent"] == "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" +results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Meta["http_verb"] == "GET" +results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Meta["log_type"] == "http_access-log" +results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Meta["service"] == "http" +results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Meta["source_ip"] == "192.168.1.1" +results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Meta["timestamp"] == "2020-01-04T08:41:43Z" +results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Enriched["MarshaledTime"] == "2020-01-04T08:41:43Z" +results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Whitelisted == false 
+results["s02-enrich"]["crowdsecurity/http-logs"][2].Success == true +results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Parsed["body_bytes_sent"] == "803" +results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Parsed["file_dir"] == "/solr/admin/info/" +results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Parsed["file_frag"] == "system" +results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Parsed["file_name"] == "system" +results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Parsed["http_args"] == "wt=json" +results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Parsed["http_referer"] == "-" +results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Parsed["http_user_agent"] == "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" +results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Parsed["http_version"] == "1.1" +results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Parsed["impact_completion"] == "true" +results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Parsed["message"] == "192.168.1.1 - - [08/Jun/2020:08:04:43 +0000] \"GET /solr/admin/info/system?wt=json HTTP/1.1\" 500 803 \"-\" \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36\"" +results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Parsed["program"] == "angie" +results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Parsed["remote_addr"] == "192.168.1.1" +results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Parsed["remote_user"] == "-" +results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Parsed["request"] == "/solr/admin/info/system" +results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Parsed["static_ressource"] == "false" +results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Parsed["status"] == "500" +results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Parsed["time_local"] == "08/Jun/2020:08:04:43 +0000" 
+results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Parsed["verb"] == "GET" +basename(results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Meta["datasource_path"]) == "angie_http-logs.log" +results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Meta["http_args_len"] == "7" +results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Meta["http_path"] == "/solr/admin/info/system?wt=json" +results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Meta["http_status"] == "500" +results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Meta["http_user_agent"] == "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" +results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Meta["http_verb"] == "GET" +results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Meta["log_type"] == "http_access-log" +results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Meta["service"] == "http" +results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Meta["source_ip"] == "192.168.1.1" +results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Meta["timestamp"] == "2020-06-08T08:04:43Z" +results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Enriched["MarshaledTime"] == "2020-06-08T08:04:43Z" +results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Whitelisted == false +results["s02-enrich"]["crowdsecurity/http-logs"][3].Success == true +results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Parsed["body_bytes_sent"] == "803" +results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Parsed["file_dir"] == "/solr/admin/info/" +results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Parsed["file_frag"] == "system" +results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Parsed["file_name"] == "system" +results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Parsed["http_args"] == "wt=json" 
+results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Parsed["http_referer"] == "-" +results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Parsed["http_user_agent"] == "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" +results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Parsed["http_version"] == "1.1" +results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Parsed["impact_completion"] == "true" +results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Parsed["message"] == "www.crowdsec.net 192.168.1.1 - - [08/Jun/2020:08:04:43 +0000] \"GET /solr/admin/info/system?wt=json HTTP/1.1\" 500 803 \"-\" \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36\"" +results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Parsed["program"] == "angie" +results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Parsed["remote_addr"] == "192.168.1.1" +results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Parsed["remote_user"] == "-" +results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Parsed["request"] == "/solr/admin/info/system" +results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Parsed["static_ressource"] == "false" +results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Parsed["status"] == "500" +results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Parsed["target_fqdn"] == "www.crowdsec.net" +results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Parsed["time_local"] == "08/Jun/2020:08:04:43 +0000" +results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Parsed["verb"] == "GET" +basename(results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Meta["datasource_path"]) == "angie_http-logs.log" +results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Meta["http_args_len"] == "7" 
+results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Meta["http_path"] == "/solr/admin/info/system?wt=json" +results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Meta["http_status"] == "500" +results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Meta["http_user_agent"] == "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" +results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Meta["http_verb"] == "GET" +results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Meta["log_type"] == "http_access-log" +results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Meta["service"] == "http" +results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Meta["source_ip"] == "192.168.1.1" +results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Meta["target_fqdn"] == "www.crowdsec.net" +results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Meta["timestamp"] == "2020-06-08T08:04:43Z" +results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Enriched["MarshaledTime"] == "2020-06-08T08:04:43Z" +results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Whitelisted == false +results["s02-enrich"]["crowdsecurity/http-logs"][4].Success == true +results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Parsed["body_bytes_sent"] == "803" +results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Parsed["file_dir"] == "/test/uppercase/" +results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Parsed["file_ext"] == ".JPG" +results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Parsed["file_frag"] == "extensions" +results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Parsed["file_name"] == "extensions.JPG" +results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Parsed["http_referer"] == "-" +results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Parsed["http_user_agent"] == "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" 
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Parsed["http_version"] == "1.1" +results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Parsed["impact_completion"] == "true" +results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Parsed["message"] == "www.crowdsec11.net 192.168.1.1 - - [08/Jun/2020:08:04:43 +0000] \"GET /test/uppercase/extensions.JPG HTTP/1.1\" 500 803 \"-\" \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36\"" +results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Parsed["program"] == "angie" +results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Parsed["remote_addr"] == "192.168.1.1" +results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Parsed["remote_user"] == "-" +results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Parsed["request"] == "/test/uppercase/extensions.JPG" +results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Parsed["static_ressource"] == "true" +results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Parsed["status"] == "500" +results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Parsed["target_fqdn"] == "www.crowdsec11.net" +results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Parsed["time_local"] == "08/Jun/2020:08:04:43 +0000" +results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Parsed["verb"] == "GET" +basename(results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Meta["datasource_path"]) == "angie_http-logs.log" +results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Meta["http_args_len"] == "0" +results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Meta["http_path"] == "/test/uppercase/extensions.JPG" +results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Meta["http_status"] == "500" +results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Meta["http_user_agent"] == "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 
(KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" +results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Meta["http_verb"] == "GET" +results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Meta["log_type"] == "http_access-log" +results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Meta["service"] == "http" +results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Meta["source_ip"] == "192.168.1.1" +results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Meta["target_fqdn"] == "www.crowdsec11.net" +results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Meta["timestamp"] == "2020-06-08T08:04:43Z" +results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Enriched["MarshaledTime"] == "2020-06-08T08:04:43Z" +results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Whitelisted == false +results["s02-enrich"]["crowdsecurity/http-logs"][5].Success == true +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["body_bytes_sent"] == "0" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["file_dir"] == "/test/uppercase/" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["file_ext"] == ".JPG" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["file_frag"] == "extensions" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["file_name"] == "extensions.JPG" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["http_referer"] == "-" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["http_user_agent"] == "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["http_version"] == "1.1" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["impact_completion"] == "true" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["message"] == "www.crowdsec11.net:80 192.168.1.1 - - [08/Jun/2020:08:04:43 +0000] \"GET /test/uppercase/extensions.JPG 
HTTP/1.1\" 301 0 \"-\" \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36\"" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["port"] == "80" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["program"] == "angie" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["remote_addr"] == "192.168.1.1" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["remote_user"] == "-" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["request"] == "/test/uppercase/extensions.JPG" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["static_ressource"] == "true" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["status"] == "301" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["target_fqdn"] == "www.crowdsec11.net" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["time_local"] == "08/Jun/2020:08:04:43 +0000" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["verb"] == "GET" +basename(results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Meta["datasource_path"]) == "angie_http-logs.log" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Meta["http_args_len"] == "0" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Meta["http_path"] == "/test/uppercase/extensions.JPG" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Meta["http_status"] == "301" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Meta["http_user_agent"] == "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Meta["http_verb"] == "GET" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Meta["log_type"] == "http_access-log" 
+results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Meta["service"] == "http"
+results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Meta["source_ip"] == "192.168.1.1"
+results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Meta["target_fqdn"] == "www.crowdsec11.net"
+results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Meta["timestamp"] == "2020-06-08T08:04:43Z"
+results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Enriched["MarshaledTime"] == "2020-06-08T08:04:43Z"
+results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Whitelisted == false
+results["s02-enrich"]["crowdsecurity/http-logs"][6].Success == true
+results["s02-enrich"]["crowdsecurity/http-logs"][6].Evt.Parsed["cid"] == "46"
+results["s02-enrich"]["crowdsecurity/http-logs"][6].Evt.Parsed["file_dir"] == "/market/"
+results["s02-enrich"]["crowdsecurity/http-logs"][6].Evt.Parsed["http_version"] == "1.1"
+results["s02-enrich"]["crowdsecurity/http-logs"][6].Evt.Parsed["impact_completion"] == "true"
+results["s02-enrich"]["crowdsecurity/http-logs"][6].Evt.Parsed["loglevel"] == "error"
+results["s02-enrich"]["crowdsecurity/http-logs"][6].Evt.Parsed["message"] == "\"/usr/share/angie/html/market/index.html\" is not found (2: No such file or directory)"
+results["s02-enrich"]["crowdsecurity/http-logs"][6].Evt.Parsed["pid"] == "31"
+results["s02-enrich"]["crowdsecurity/http-logs"][6].Evt.Parsed["program"] == "angie"
+results["s02-enrich"]["crowdsecurity/http-logs"][6].Evt.Parsed["remote_addr"] == "172.17.0.1"
+results["s02-enrich"]["crowdsecurity/http-logs"][6].Evt.Parsed["request"] == "/market/"
+results["s02-enrich"]["crowdsecurity/http-logs"][6].Evt.Parsed["static_ressource"] == "false"
+results["s02-enrich"]["crowdsecurity/http-logs"][6].Evt.Parsed["target_fqdn"] == "localhost"
+results["s02-enrich"]["crowdsecurity/http-logs"][6].Evt.Parsed["tid"] == "31"
+results["s02-enrich"]["crowdsecurity/http-logs"][6].Evt.Parsed["time"] == "2021/12/01 13:53:33"
+results["s02-enrich"]["crowdsecurity/http-logs"][6].Evt.Parsed["verb"] == "GET"
+basename(results["s02-enrich"]["crowdsecurity/http-logs"][6].Evt.Meta["datasource_path"]) == "angie_http-logs.log"
+results["s02-enrich"]["crowdsecurity/http-logs"][6].Evt.Meta["datasource_type"] == "file"
+results["s02-enrich"]["crowdsecurity/http-logs"][6].Evt.Meta["http_args_len"] == "0"
+results["s02-enrich"]["crowdsecurity/http-logs"][6].Evt.Meta["http_path"] == "/market/"
+results["s02-enrich"]["crowdsecurity/http-logs"][6].Evt.Meta["http_verb"] == "GET"
+results["s02-enrich"]["crowdsecurity/http-logs"][6].Evt.Meta["log_type"] == "http_error-log"
+results["s02-enrich"]["crowdsecurity/http-logs"][6].Evt.Meta["service"] == "http"
+results["s02-enrich"]["crowdsecurity/http-logs"][6].Evt.Meta["source_ip"] == "172.17.0.1"
+results["s02-enrich"]["crowdsecurity/http-logs"][6].Evt.Meta["target_fqdn"] == "localhost"
+results["s02-enrich"]["crowdsecurity/http-logs"][6].Evt.Meta["timestamp"] == "2021-12-01T13:53:33Z"
+results["s02-enrich"]["crowdsecurity/http-logs"][6].Evt.Enriched["MarshaledTime"] == "2021-12-01T13:53:33Z"
+results["s02-enrich"]["crowdsecurity/http-logs"][6].Evt.Whitelisted == false
+len(results["success"][""]) == 0
+
diff --git a/.tests/angie_http-logs/scenario.assert b/.tests/angie_http-logs/scenario.assert
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/collections/marat2509/angie.md b/collections/marat2509/angie.md
new file mode 100644
index 00000000000..f61558a43a2
--- /dev/null
+++ b/collections/marat2509/angie.md
@@ -0,0 +1,22 @@
+## Angie collection
+
+A collection to defend angie against common attacks :
+ - angie parser
+ - base http scenarios (crawl, 404 scan, bf)
+
+## Acquisition template
+
+Example acquisition for this collection :
+
+```yaml
+filenames:
+ - /var/log/angie/*.log
+labels:
+ type: angie
+```
+
+
+notes :
+ - If you are using `syslog`, set type to `syslog` instead
+ - Depending on your distribution/OS, paths to log files might change
+ - Only relevant if you are manually installing collection
diff --git a/collections/marat2509/angie.yaml b/collections/marat2509/angie.yaml
new file mode 100644
index 00000000000..3e2f9626131
--- /dev/null
+++ b/collections/marat2509/angie.yaml
@@ -0,0 +1,16 @@
+parsers:
+#generic post-parsing of http stuff
+ - marat2509/angie-logs
+collections:
+ - crowdsecurity/base-http-scenarios
+scenarios:
+ - crowdsecurity/nginx-req-limit-exceeded
+description: "angie support: parser and generic http scenarios"
+author: marat2509
+tags:
+ - linux
+ - nginx
+ - crawl
+ - scan
+ - angie
+
diff --git a/parsers/s01-parse/marat2509/angie-logs.md b/parsers/s01-parse/marat2509/angie-logs.md
new file mode 100644
index 00000000000..d152e4a6da2
--- /dev/null
+++ b/parsers/s01-parse/marat2509/angie-logs.md
@@ -0,0 +1,10 @@
+Parser for [Angie](https://angie.software) Logs.
+
+```yaml
+---
+filenames:
+ - /var/log/angie/access.log
+ - /var/log/angie/error.log
+labels:
+ type: angie
+```
diff --git a/parsers/s01-parse/marat2509/angie-logs.yaml b/parsers/s01-parse/marat2509/angie-logs.yaml
new file mode 100644
index 00000000000..becc4d32787
--- /dev/null
+++ b/parsers/s01-parse/marat2509/angie-logs.yaml
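Review bot: The collection's only extra scenario, `crowdsecurity/nginx-req-limit-exceeded`, is not exercised anywhere in this change — the `scenario.assert` added alongside appears to be the empty blob — so whether that scenario's filter matches events whose `program` is `angie` rather than `nginx` is unverified. If it filters on `evt.Meta.sub_type == 'req_limit_exceeded'` it should line up with the parser's `req_limit_exceeded` static; if it keys on the nginx parser or program name it will never fire for Angie. A fixture line containing `limiting requests, excess:` and a populated scenario.assert would settle this before the collection advertises rate-limit coverage.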
@@ -0,0 +1,81 @@
+filter: "evt.Parsed.program startsWith 'angie'"
+onsuccess: next_stage
+name: marat2509/angie-logs
+description: "Parse Angie access and error logs"
+pattern_syntax:
+ NGCUSTOMUSER: '[a-zA-Z0-9\.\@\-\+_%]+'
+ NGCUSTOMURIPATH: "(?:/[A-Za-z0-9$.+!*'\\(\\)\\{\\},~:;=@\\#%&_\\-]*)+"
+ NGCUSTOMURIPATHPARAM: '%{NGCUSTOMURIPATH}(?:%{URIPARAM})?'
+ NGINXERRTIME: "%{YEAR}/%{MONTHNUM}/%{MONTHDAY} %{TIME}"
+ NGUSER: '[a-zA-Z\.\@\-\+_%]+'
+nodes:
+ - grok:
+ pattern: '(%{IPORHOST:target_fqdn}(:%{INT:port})? )?%{IPORHOST:remote_addr} - %{NGCUSTOMUSER:remote_user}? \[%{HTTPDATE:time_local}\] "%{WORD:verb} %{DATA:request} HTTP/%{NUMBER:http_version}" %{NUMBER:status} %{NUMBER:body_bytes_sent} "%{NOTDQUOTE:http_referer}" "%{NOTDQUOTE:http_user_agent}"( %{NUMBER:request_length} %{NUMBER:request_time} \[%{DATA:proxy_upstream_name}\] \[%{DATA:proxy_alternative_upstream_name}\])?'
+ apply_on: message
+ statics:
+ - meta: log_type
+ value: http_access-log
+ - target: evt.StrTime
+ expression: evt.Parsed.time_local
+ - grok:
+ pattern: '(%{IPORHOST:target_fqdn} )?%{NGINXERRTIME:time} \[%{LOGLEVEL:loglevel}\] %{NONNEGINT:pid}#%{NONNEGINT:tid}: (\*%{NONNEGINT:cid} )?%{GREEDYDATA:message}, client: %{IPORHOST:remote_addr}, server: %{DATA:target_fqdn}, request: "%{WORD:verb} ([^/]+)?%{NGCUSTOMURIPATHPARAM:request}( HTTP/%{NUMBER:http_version})?", host: "%{IPORHOST}(:%{NONNEGINT})?"'
+ apply_on: message
+ statics:
+ - meta: log_type
+ value: http_error-log
+ - target: evt.StrTime
+ expression: evt.Parsed.time
+ pattern_syntax:
+ NO_DOUBLE_QUOTE: '[^"]+'
+ onsuccess: next_stage
+ nodes:
+ - filter: "evt.Parsed.message contains 'was not found in'"
+ pattern_syntax:
+ USER_NOT_FOUND: 'user "%{NO_DOUBLE_QUOTE:username}" was not found in "%{NO_DOUBLE_QUOTE}"'
+ grok:
+ pattern: '%{USER_NOT_FOUND}'
+ apply_on: message
+ statics:
+ - meta: sub_type
+ value: "auth_fail"
+ - meta: username
+ expression: evt.Parsed.username
+ - filter: "evt.Parsed.message contains 'password mismatch'"
+ pattern_syntax:
+ PASSWORD_MISMATCH: 'user "%{NO_DOUBLE_QUOTE:username}": password mismatch'
+ grok:
+ pattern: '%{PASSWORD_MISMATCH}'
+ apply_on: message
+ statics:
+ - meta: sub_type
+ value: "auth_fail"
+ - meta: username
+ expression: evt.Parsed.username
+ - filter: "evt.Parsed.message contains 'limiting requests, excess'"
+ statics:
+ - meta: sub_type
+ value: "req_limit_exceeded"
+ - grok:
+ pattern: '(%{IPORHOST:target_fqdn} )?%{IPORHOST:remote_addr} - (%{NGUSER:remote_user})? \[%{HTTPDATE:time_local}\] "%{DATA:request}" %{NUMBER:status} %{NUMBER:body_bytes_sent} "%{NOTDQUOTE:http_referer}" "%{NOTDQUOTE:http_user_agent}"( %{NUMBER:request_length} %{NUMBER:request_time} \[%{DATA:proxy_upstream_name}\] \[%{DATA:proxy_alternative_upstream_name}\])?'
+ apply_on: message
+ statics:
+ - meta: log_type
+ value: http_access-log
+ - target: evt.StrTime
+ expression: evt.Parsed.time_local
+
+statics:
+ - meta: service
+ value: http
+ - meta: source_ip
+ expression: "evt.Parsed.remote_addr"
+ - meta: http_status
+ expression: "evt.Parsed.status"
+ - meta: http_path
+ expression: "evt.Parsed.request"
+ - meta: http_verb
+ expression: "evt.Parsed.verb"
+ - meta: http_user_agent
+ expression: "evt.Parsed.http_user_agent"
+ - meta: target_fqdn
+ expression: "evt.Parsed.target_fqdn"
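Review bot: The error-log grok on the second node accepts a request path only if it fits `NGCUSTOMURIPATHPARAM` and a `host:` value only if it fits `IPORHOST`, and both values come from the client, so an error line produced by a probe whose path contains characters outside that class (`<`, `"`, a literal space, many traversal or injection payloads) or whose Host header is junk does not match at all and, presumably, is never handed to the http scenarios — the noisiest requests are exactly the ones lost. Loosening the tail to `request: "%{WORD:verb} %{DATA:request}( HTTP/%{NUMBER:http_version})?", host: "%{NOTDQUOTE}"` keeps those lines parsable with the same captures, and `NOTDQUOTE` is already used by both access-log patterns in this file. Separately, the `auth_fail` and `req_limit_exceeded` child nodes are not covered by any assertion visible in parser.assert, so one fixture line per branch (`was not found in`, `password mismatch`, `limiting requests, excess`) asserting `Evt.Meta["sub_type"]` would confirm the branches before the collection relies on `crowdsecurity/nginx-req-limit-exceeded`.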