Normalized case for header values - feature request

fastly / sigsci-splunk-app

Splunk app for Fastly (Signal Sciences)

https://splunkbase.splunk.com/app/3495

MIT License

9 stars 10 forks source link

Normalized case for header values - feature request #11

Closed orlando-sigsci closed 1 year ago

orlando-sigsci commented 5 years ago

Problem:

The JSON output is not normalized for the header values which end up as two fields in Splunk.
accept: / vs Accept: /

Solution:

A config option or flag to allow for case normalization of the header name/value.

dacoburn commented 4 years ago

Thinking more about this, it will always end up as two headers in the results. Even if they have the same name and same case this will still happen. These are effectively Lists of dictionaries:

{
   [ {"HeaderNameOne": "value"}, "{HeaderNameOne":"value2"}, {"Otherheader":"value"}]
}

As the values can be different, and this seems to make the most sense from searching, at the moment I have no plans on changing this.