From 5a58e1829a5558910c2a195425be23ce3c232622 Mon Sep 17 00:00:00 2001
From: Laurence <laurence.jones@live.co.uk>
Date: Thu, 15 Jan 2026 08:47:44 +0000
Subject: [PATCH 1/5] fix: traefik json logs when RouterName property is
 omitted

Add nil check for RouterName before parsing router components to prevent
errors when the property is missing from Traefik JSON logs.

Fixes #1643
---
 .tests/traefik_json/traefik_json.log              |  1 +
 parsers/s01-parse/crowdsecurity/traefik-logs.yaml | 10 ++++++++--
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/.tests/traefik_json/traefik_json.log b/.tests/traefik_json/traefik_json.log
index a0bbf70a253..412dfea6103 100644
--- a/.tests/traefik_json/traefik_json.log
+++ b/.tests/traefik_json/traefik_json.log
@@ -2,4 +2,5 @@
 {"ClientAddr":"172.17.0.1:39496","ClientHost":"172.17.0.1","ClientPort":"39496","ClientUsername":"-","DownstreamContentSize":358,"DownstreamStatus":200,"Duration":564849,"OriginContentSize":358,"OriginDuration":539617,"OriginStatus":200,"Overhead":25232,"RequestAddr":"test.docker.localhost","RequestContentSize":0,"RequestCount":191,"RequestHost":"test.docker.localhost","RequestMethod":"GET","RequestPath":"/594VAEoi.local","RequestPort":"-","RequestProtocol":"HTTP/1.1","RequestScheme":"http","RetryAttempts":0,"RouterName":"test@docker","ServiceAddr":"172.17.0.3:80","ServiceName":"test@docker","ServiceURL":{"Scheme":"http","Opaque":"","User":null,"Host":"172.17.0.3:80","Path":"","RawPath":"","ForceQuery":false,"RawQuery":"","Fragment":"","RawFragment":""},"StartLocal":"2021-12-08T14:02:43.589545005Z","StartUTC":"2021-12-08T14:02:43.589545005Z","downstream_Content-Length":"358","downstream_Content-Type":"text/plain; charset=utf-8","downstream_Date":"Wed, 08 Dec 2021 14:02:43 GMT","entryPointName":"http","level":"info","msg":"","origin_Content-Length":"358","origin_Content-Type":"text/plain; charset=utf-8","origin_Date":"Wed, 08 Dec 2021 14:02:43 GMT","request_Connection":"Keep-Alive","request_User-Agent":"Nikto","request_X-Forwarded-Host":"test.docker.localhost","request_X-Forwarded-Port":"80","request_X-Forwarded-Proto":"http","request_X-Forwarded-Server":"8f4adf27f2ad","request_X-Real-Ip":"172.17.0.1","time":"2021-12-08T14:02:43Z"}
 {"ClientAddr":"192.168.65.1:29366","ClientHost":"192.168.65.1","ClientPort":"29366","ClientUsername":"-","DownstreamContentSize":364,"DownstreamStatus":200,"Duration":2001375,"OriginContentSize":364,"OriginDuration":1935291,"OriginStatus":200,"Overhead":66084,"RequestAddr":"whoami.localhost","RequestContentSize":0,"RequestCount":1,"RequestHost":"whoami.localhost","RequestMethod":"GET","RequestPath":"/","RequestPort":"-","RequestProtocol":"HTTP/1.1","RequestScheme":"http","RetryAttempts":0,"RouterName":"root@file -> intermediate1@file -> intermediate2@file -> leaf@file","ServiceAddr":"whoami:80","ServiceName":"whoami@file","ServiceURL":"http://whoami:80","StartLocal":"2026-01-08T14:19:15.980170592Z","StartUTC":"2026-01-08T14:19:15.980170592Z","entryPointName":"web","level":"info","msg":"","time":"2026-01-08T14:19:15Z"}
 {"ClientAddr":"192.168.65.1:29367","ClientHost":"192.168.65.1","ClientPort":"29367","ClientUsername":"-","DownstreamContentSize":364,"DownstreamStatus":200,"Duration":1500000,"OriginContentSize":364,"OriginDuration":1450000,"OriginStatus":200,"Overhead":50000,"RequestAddr":"api.localhost","RequestContentSize":0,"RequestCount":2,"RequestHost":"api.localhost","RequestMethod":"POST","RequestPath":"/api/data","RequestPort":"-","RequestProtocol":"HTTP/1.1","RequestScheme":"http","RetryAttempts":0,"RouterName":"parent@file -> child@file","ServiceAddr":"api:8080","ServiceName":"api@file","ServiceURL":"http://api:8080","StartLocal":"2026-01-08T14:20:00.000000000Z","StartUTC":"2026-01-08T14:20:00.000000000Z","entryPointName":"web","level":"info","msg":"","time":"2026-01-08T14:20:00Z"}
+{"ClientAddr":"192.168.1.115:56446","ClientHost":"192.168.1.115","ClientPort":"56446","ClientUsername":"-","DownstreamContentSize":19,"DownstreamStatus":404,"Duration":10158,"GzipRatio":0,"OriginContentSize":0,"OriginDuration":0,"OriginStatus":0,"Overhead":10158,"RequestAddr":"admin.mydomain.com","RequestContentSize":0,"RequestCount":3100,"RequestHost":"admin.mydomain.com","RequestMethod":"GET","RequestPath":"/","RequestPort":"-","RequestProtocol":"HTTP/2.0","RequestScheme":"https","RetryAttempts":0,"StartLocal":"2026-01-14T10:45:33.759014877+01:00","StartUTC":"2026-01-14T09:45:33.759014877Z","TLSCipher":"TLS_AES_128_GCM_SHA256","TLSVersion":"1.3","entryPointName":"https","level":"info","msg":"","time":"2026-01-14T10:45:33+01:00"}
 DEBUG: CrowdsecBouncerTraefikPlugin: 2025/09/05 13:53:40 handleStreamCache:updated
\ No newline at end of file
diff --git a/parsers/s01-parse/crowdsecurity/traefik-logs.yaml b/parsers/s01-parse/crowdsecurity/traefik-logs.yaml
index 7a38474d406..3b1d86c1e13 100644
--- a/parsers/s01-parse/crowdsecurity/traefik-logs.yaml
+++ b/parsers/s01-parse/crowdsecurity/traefik-logs.yaml
@@ -23,9 +23,15 @@ nodes:
   ## JSON parser - extract fields and store full router chain in traefik_router_name (backwards compatible)
   # We must use evt.Parsed.message to make sure we respect s00 stage
   - filter: TrimSpace(evt.Parsed.message) startsWith "{" && UnmarshalJSON(evt.Parsed.message, evt.Unmarshaled, "traefik") in ["", nil]
+    onsuccess: next_stage
     nodes:
+      - filter: evt.Unmarshaled.traefik.RouterName == nil
+        statics:
+          - parsed: traefik_router_name
+            value: "-"
       ## Parse root, intermediate (if any), and leaf routers from full router chain
-      - grok:
+      - filter: evt.Unmarshaled.traefik.RouterName != nil
+        grok:
           pattern: '^%{TRAEFIK_ROUTER:traefik_router_name_root}(?: -> (?:%{DATA:traefik_router_intermediate} -> )?%{TRAEFIK_ROUTER:traefik_router_leaf})?$'
           expression: evt.Unmarshaled.traefik.RouterName
     statics:
@@ -48,7 +54,7 @@ nodes:
         expression: int(evt.Unmarshaled.traefik.Duration)
       - parsed: traefik_router_name
         ## Full router chain (backwards compatible)
-        expression: evt.Unmarshaled.traefik.RouterName
+        expression: "evt.Unmarshaled.traefik.RouterName != nil ? evt.Unmarshaled.traefik.RouterName : ''"
       - parsed: time_local
         expression: evt.Unmarshaled.traefik.time
       - parsed: verb

From d78e6e2f59ded455e774f9199462ab7a4ab49d70 Mon Sep 17 00:00:00 2001
From: Laurence <laurence.jones@live.co.uk>
Date: Thu, 15 Jan 2026 08:48:23 +0000
Subject: [PATCH 2/5] test: add assertions for traefik RouterName nil case

---
 .tests/traefik_json/parser.assert | 904 ++++++++++++++++++------------
 1 file changed, 542 insertions(+), 362 deletions(-)

diff --git a/.tests/traefik_json/parser.assert b/.tests/traefik_json/parser.assert
index b47a772e06c..d4fd5a2b80a 100644
--- a/.tests/traefik_json/parser.assert
+++ b/.tests/traefik_json/parser.assert
@@ -1,5 +1,5 @@
 len(results) == 4
-len(results["s00-raw"]["crowdsecurity/non-syslog"]) == 5
+len(results["s00-raw"]["crowdsecurity/non-syslog"]) == 6
 results["s00-raw"]["crowdsecurity/non-syslog"][0].Success == true
 results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Parsed["message"] == "{\"ClientAddr\":\"172.17.0.1:39496\",\"ClientHost\":\"172.17.0.1\",\"ClientPort\":\"39496\",\"ClientUsername\":\"-\",\"DownstreamContentSize\":357,\"DownstreamStatus\":200,\"Duration\":357313,\"OriginContentSize\":357,\"OriginDuration\":324669,\"OriginStatus\":200,\"Overhead\":32644,\"RequestAddr\":\"test.docker.localhost\",\"RequestContentSize\":0,\"RequestCount\":190,\"RequestHost\":\"test.docker.localhost\",\"RequestMethod\":\"GET\",\"RequestPath\":\"/594VAEoi.save\",\"RequestPort\":\"-\",\"RequestProtocol\":\"HTTP/1.1\",\"RequestScheme\":\"http\",\"RetryAttempts\":0,\"RouterName\":\"test@docker\",\"ServiceAddr\":\"172.17.0.3:80\",\"ServiceName\":\"test@docker\",\"ServiceURL\":{\"Scheme\":\"http\",\"Opaque\":\"\",\"User\":null,\"Host\":\"172.17.0.3:80\",\"Path\":\"\",\"RawPath\":\"\",\"ForceQuery\":false,\"RawQuery\":\"\",\"Fragment\":\"\",\"RawFragment\":\"\"},\"StartLocal\":\"2021-12-08T14:02:43.587782192Z\",\"StartUTC\":\"2021-12-08T14:02:43.587782192Z\",\"downstream_Content-Length\":\"357\",\"downstream_Content-Type\":\"text/plain; charset=utf-8\",\"downstream_Date\":\"Wed, 08 Dec 2021 14:02:43 GMT\",\"entryPointName\":\"http\",\"level\":\"info\",\"msg\":\"\",\"origin_Content-Length\":\"357\",\"origin_Content-Type\":\"text/plain; charset=utf-8\",\"origin_Date\":\"Wed, 08 Dec 2021 14:02:43 GMT\",\"request_Connection\":\"Keep-Alive\",\"request_User-Agent\":\"Nikto\",\"request_X-Forwarded-Host\":\"test.docker.localhost\",\"request_X-Forwarded-Port\":\"80\",\"request_X-Forwarded-Proto\":\"http\",\"request_X-Forwarded-Server\":\"8f4adf27f2ad\",\"request_X-Real-Ip\":\"172.17.0.1\",\"time\":\"2021-12-08T14:02:43Z\"}"
 results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Parsed["program"] == "traefik"
@@ -25,18 +25,25 @@ basename(results["s00-raw"]["crowdsecurity/non-syslog"][3].Evt.Meta["datasource_
 results["s00-raw"]["crowdsecurity/non-syslog"][3].Evt.Meta["datasource_type"] == "file"
 results["s00-raw"]["crowdsecurity/non-syslog"][3].Evt.Whitelisted == false
 results["s00-raw"]["crowdsecurity/non-syslog"][4].Success == true
-results["s00-raw"]["crowdsecurity/non-syslog"][4].Evt.Parsed["message"] == "DEBUG: CrowdsecBouncerTraefikPlugin: 2025/09/05 13:53:40 handleStreamCache:updated"
+results["s00-raw"]["crowdsecurity/non-syslog"][4].Evt.Parsed["message"] == "{\"ClientAddr\":\"192.168.1.115:56446\",\"ClientHost\":\"192.168.1.115\",\"ClientPort\":\"56446\",\"ClientUsername\":\"-\",\"DownstreamContentSize\":19,\"DownstreamStatus\":404,\"Duration\":10158,\"GzipRatio\":0,\"OriginContentSize\":0,\"OriginDuration\":0,\"OriginStatus\":0,\"Overhead\":10158,\"RequestAddr\":\"admin.mydomain.com\",\"RequestContentSize\":0,\"RequestCount\":3100,\"RequestHost\":\"admin.mydomain.com\",\"RequestMethod\":\"GET\",\"RequestPath\":\"/\",\"RequestPort\":\"-\",\"RequestProtocol\":\"HTTP/2.0\",\"RequestScheme\":\"https\",\"RetryAttempts\":0,\"StartLocal\":\"2026-01-14T10:45:33.759014877+01:00\",\"StartUTC\":\"2026-01-14T09:45:33.759014877Z\",\"TLSCipher\":\"TLS_AES_128_GCM_SHA256\",\"TLSVersion\":\"1.3\",\"entryPointName\":\"https\",\"level\":\"info\",\"msg\":\"\",\"time\":\"2026-01-14T10:45:33+01:00\"}"
 results["s00-raw"]["crowdsecurity/non-syslog"][4].Evt.Parsed["program"] == "traefik"
 basename(results["s00-raw"]["crowdsecurity/non-syslog"][4].Evt.Meta["datasource_path"]) == "traefik_json.log"
 results["s00-raw"]["crowdsecurity/non-syslog"][4].Evt.Meta["datasource_type"] == "file"
 results["s00-raw"]["crowdsecurity/non-syslog"][4].Evt.Whitelisted == false
-len(results["s00-raw"]["crowdsecurity/syslog-logs"]) == 5
+results["s00-raw"]["crowdsecurity/non-syslog"][5].Success == true
+results["s00-raw"]["crowdsecurity/non-syslog"][5].Evt.Parsed["message"] == "DEBUG: CrowdsecBouncerTraefikPlugin: 2025/09/05 13:53:40 handleStreamCache:updated"
+results["s00-raw"]["crowdsecurity/non-syslog"][5].Evt.Parsed["program"] == "traefik"
+basename(results["s00-raw"]["crowdsecurity/non-syslog"][5].Evt.Meta["datasource_path"]) == "traefik_json.log"
+results["s00-raw"]["crowdsecurity/non-syslog"][5].Evt.Meta["datasource_type"] == "file"
+results["s00-raw"]["crowdsecurity/non-syslog"][5].Evt.Whitelisted == false
+len(results["s00-raw"]["crowdsecurity/syslog-logs"]) == 6
 results["s00-raw"]["crowdsecurity/syslog-logs"][0].Success == false
 results["s00-raw"]["crowdsecurity/syslog-logs"][1].Success == false
 results["s00-raw"]["crowdsecurity/syslog-logs"][2].Success == false
 results["s00-raw"]["crowdsecurity/syslog-logs"][3].Success == false
 results["s00-raw"]["crowdsecurity/syslog-logs"][4].Success == false
-len(results["s01-parse"]["crowdsecurity/traefik-logs"]) == 5
+results["s00-raw"]["crowdsecurity/syslog-logs"][5].Success == false
+len(results["s01-parse"]["crowdsecurity/traefik-logs"]) == 6
 results["s01-parse"]["crowdsecurity/traefik-logs"][0].Success == true
 results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Parsed["body_bytes_sent"] == "357"
 results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Parsed["dest_addr"] == "172.17.0.1"
@@ -65,58 +72,58 @@ results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Meta["service"] == "ht
 results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Meta["source_ip"] == "172.17.0.1"
 results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Meta["target_fqdn"] == "test.docker.localhost"
 results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Meta["traefik_router_name"] == "test@docker"
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Port"] == "80"
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 357
 results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/1.1"
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["RequestScheme"] == "http"
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ServiceName"] == "test@docker"
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["level"] == "info"
 results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Host"] == "test.docker.localhost"
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Proto"] == "http"
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["Host"] == "172.17.0.3:80"
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["OriginStatus"] == 200
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["RequestPort"] == "-"
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["origin_Content-Length"] == "357"
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["request_X-Real-Ip"] == "172.17.0.1"
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["time"] == "2021-12-08T14:02:43Z"
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ClientAddr"] == "172.17.0.1:39496"
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ClientHost"] == "172.17.0.1"
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 357
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["OriginDuration"] == 324669
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["RequestCount"] == 190
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["RequestMethod"] == "GET"
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ServiceAddr"] == "172.17.0.3:80"
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["origin_Date"] == "Wed, 08 Dec 2021 14:02:43 GMT"
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ClientPort"] == "39496"
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["Overhead"] == 32644
 results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["Opaque"] == ""
 results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["Path"] == ""
 results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawFragment"] == ""
 results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawPath"] == ""
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawQuery"] == ""
 results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["Scheme"] == "http"
 results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["ForceQuery"] == false
 results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["Fragment"] == ""
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawQuery"] == ""
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["StartLocal"] == "2021-12-08T14:02:43.587782192Z"
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["downstream_Content-Length"] == "357"
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 200
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["OriginDuration"] == 324669
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["RequestCount"] == 190
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["RequestHost"] == "test.docker.localhost"
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["RequestMethod"] == "GET"
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["RequestPort"] == "-"
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ServiceName"] == "test@docker"
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["Overhead"] == 32644
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ServiceAddr"] == "172.17.0.3:80"
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["downstream_Content-Type"] == "text/plain; charset=utf-8"
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["level"] == "info"
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["request_Connection"] == "Keep-Alive"
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["Host"] == "172.17.0.3:80"
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Proto"] == "http"
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Server"] == "8f4adf27f2ad"
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["entryPointName"] == "http"
 results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["request_User-Agent"] == "Nikto"
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["time"] == "2021-12-08T14:02:43Z"
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 357
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["RequestScheme"] == "http"
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["origin_Content-Type"] == "text/plain; charset=utf-8"
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["request_X-Real-Ip"] == "172.17.0.1"
 results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-"
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["OriginStatus"] == 200
 results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["RequestAddr"] == "test.docker.localhost"
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["RequestHost"] == "test.docker.localhost"
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["RequestPath"] == "/594VAEoi.save"
 results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["downstream_Date"] == "Wed, 08 Dec 2021 14:02:43 GMT"
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["entryPointName"] == "http"
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["downstream_Content-Length"] == "357"
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 200
 results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["Duration"] == 357313
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["RequestPath"] == "/594VAEoi.save"
 results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["RouterName"] == "test@docker"
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["StartLocal"] == "2021-12-08T14:02:43.587782192Z"
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0
 results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["StartUTC"] == "2021-12-08T14:02:43.587782192Z"
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["downstream_Content-Type"] == "text/plain; charset=utf-8"
 results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["msg"] == ""
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["origin_Content-Length"] == "357"
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["origin_Date"] == "Wed, 08 Dec 2021 14:02:43 GMT"
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Server"] == "8f4adf27f2ad"
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ClientPort"] == "39496"
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 357
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Port"] == "80"
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ClientAddr"] == "172.17.0.1:39496"
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ClientHost"] == "172.17.0.1"
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["origin_Content-Type"] == "text/plain; charset=utf-8"
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["request_Connection"] == "Keep-Alive"
 results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Whitelisted == false
 results["s01-parse"]["crowdsecurity/traefik-logs"][1].Success == true
 results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Parsed["body_bytes_sent"] == "358"
@@ -146,58 +153,58 @@ results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Meta["service"] == "ht
 results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Meta["source_ip"] == "172.17.0.1"
 results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Meta["target_fqdn"] == "test.docker.localhost"
 results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Meta["traefik_router_name"] == "test@docker"
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["StartUTC"] == "2021-12-08T14:02:43.589545005Z"
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["entryPointName"] == "http"
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["origin_Content-Type"] == "text/plain; charset=utf-8"
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Port"] == "80"
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ClientAddr"] == "172.17.0.1:39496"
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 200
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["RouterName"] == "test@docker"
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["downstream_Date"] == "Wed, 08 Dec 2021 14:02:43 GMT"
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["level"] == "info"
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["request_Connection"] == "Keep-Alive"
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["request_X-Real-Ip"] == "172.17.0.1"
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["time"] == "2021-12-08T14:02:43Z"
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/1.1"
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-"
 results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 358
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Host"] == "test.docker.localhost"
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Proto"] == "http"
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["RequestCount"] == 191
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ServiceAddr"] == "172.17.0.3:80"
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Server"] == "8f4adf27f2ad"
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["OriginStatus"] == 200
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ServiceName"] == "test@docker"
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["downstream_Content-Type"] == "text/plain; charset=utf-8"
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["msg"] == ""
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["origin_Date"] == "Wed, 08 Dec 2021 14:02:43 GMT"
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["StartLocal"] == "2021-12-08T14:02:43.589545005Z"
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["downstream_Content-Length"] == "358"
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["request_User-Agent"] == "Nikto"
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["RequestScheme"] == "http"
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ClientHost"] == "172.17.0.1"
 results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["Overhead"] == 25232
 results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["RequestAddr"] == "test.docker.localhost"
 results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["RequestHost"] == "test.docker.localhost"
 results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["RequestPort"] == "-"
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["downstream_Content-Type"] == "text/plain; charset=utf-8"
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["downstream_Date"] == "Wed, 08 Dec 2021 14:02:43 GMT"
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["origin_Date"] == "Wed, 08 Dec 2021 14:02:43 GMT"
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["RouterName"] == "test@docker"
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["msg"] == ""
 results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["origin_Content-Length"] == "358"
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Host"] == "test.docker.localhost"
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Proto"] == "http"
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["request_X-Real-Ip"] == "172.17.0.1"
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-"
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["RequestPath"] == "/594VAEoi.local"
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/1.1"
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ServiceName"] == "test@docker"
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["request_Connection"] == "Keep-Alive"
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["time"] == "2021-12-08T14:02:43Z"
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ClientAddr"] == "172.17.0.1:39496"
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["OriginStatus"] == 200
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["RequestCount"] == 191
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["RequestMethod"] == "GET"
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ServiceAddr"] == "172.17.0.3:80"
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Port"] == "80"
 results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 358
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Server"] == "8f4adf27f2ad"
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 200
 results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["OriginDuration"] == 539617
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["RequestPath"] == "/594VAEoi.local"
 results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["Fragment"] == ""
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawFragment"] == ""
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawPath"] == ""
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawQuery"] == ""
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["Scheme"] == "http"
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["ForceQuery"] == false
 results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["Host"] == "172.17.0.3:80"
 results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["Opaque"] == ""
 results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["Path"] == ""
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawPath"] == ""
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["ForceQuery"] == false
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawFragment"] == ""
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawQuery"] == ""
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["Scheme"] == "http"
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["downstream_Content-Length"] == "358"
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["origin_Content-Type"] == "text/plain; charset=utf-8"
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ClientHost"] == "172.17.0.1"
 results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ClientPort"] == "39496"
 results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["Duration"] == 564849
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["RequestMethod"] == "GET"
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["StartLocal"] == "2021-12-08T14:02:43.589545005Z"
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["level"] == "info"
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["request_User-Agent"] == "Nikto"
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["StartUTC"] == "2021-12-08T14:02:43.589545005Z"
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["RequestScheme"] == "http"
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["entryPointName"] == "http"
 results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Whitelisted == false
 results["s01-parse"]["crowdsecurity/traefik-logs"][2].Success == true
 results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Parsed["body_bytes_sent"] == "364"
@@ -231,36 +238,36 @@ results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Meta["traefik_router_n
 results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Meta["traefik_router_name_leaf"] == "leaf@file"
 results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Meta["traefik_router_name_root"] == "root@file"
 results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["ClientAddr"] == "192.168.65.1:29366"
-FloatApproxEqual(results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["Duration"], 2001375.000000)
-results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["RequestHost"] == "whoami.localhost"
-results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["RequestPath"] == "/"
-results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["StartUTC"] == "2026-01-08T14:19:15.980170592Z"
-results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["RequestMethod"] == "GET"
-results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["ServiceName"] == "whoami@file"
+results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["ClientHost"] == "192.168.65.1"
+results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["Overhead"] == 66084
+results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0
+results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["ServiceURL"] == "http://whoami:80"
 results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["StartLocal"] == "2026-01-08T14:19:15.980170592Z"
+results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-"
 results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 364
-results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["RouterName"] == "root@file -> intermediate1@file -> intermediate2@file -> leaf@file"
+results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["RequestCount"] == 1
 results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["entryPointName"] == "web"
-results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-"
-results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0
-results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["ServiceURL"] == "http://whoami:80"
-results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0
-results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["msg"] == ""
-results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["time"] == "2026-01-08T14:19:15Z"
-results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["ClientHost"] == "192.168.65.1"
 results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["ClientPort"] == "29366"
-results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["RequestCount"] == 1
 results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 364
-results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["OriginStatus"] == 200
-results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["Overhead"] == 66084
+FloatApproxEqual(results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["OriginDuration"], 1935291.000000)
+results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["RequestHost"] == "whoami.localhost"
+results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["RequestScheme"] == "http"
+results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["ServiceAddr"] == "whoami:80"
+results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["ServiceName"] == "whoami@file"
+results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["StartUTC"] == "2026-01-08T14:19:15.980170592Z"
+results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["level"] == "info"
 results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["RequestAddr"] == "whoami.localhost"
 results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["RequestPort"] == "-"
-results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["ServiceAddr"] == "whoami:80"
+results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0
+results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["RouterName"] == "root@file -> intermediate1@file -> intermediate2@file -> leaf@file"
+FloatApproxEqual(results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["Duration"], 2001375.000000)
+results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["RequestPath"] == "/"
+results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["RequestMethod"] == "GET"
+results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["msg"] == ""
 results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 200
-FloatApproxEqual(results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["OriginDuration"], 1935291.000000)
+results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["OriginStatus"] == 200
 results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/1.1"
-results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["RequestScheme"] == "http"
-results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["level"] == "info"
+results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["time"] == "2026-01-08T14:19:15Z"
 results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Whitelisted == false
 results["s01-parse"]["crowdsecurity/traefik-logs"][3].Success == true
 results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Parsed["body_bytes_sent"] == "364"
@@ -291,40 +298,95 @@ results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Meta["target_fqdn"] ==
 results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Meta["traefik_router_name"] == "parent@file -> child@file"
 results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Meta["traefik_router_name_leaf"] == "child@file"
 results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Meta["traefik_router_name_root"] == "parent@file"
-results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["ClientHost"] == "192.168.65.1"
-results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["ClientPort"] == "29367"
-results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 364
-FloatApproxEqual(results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["OriginDuration"], 1450000.000000)
-results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0
-results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["RequestPath"] == "/api/data"
 results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 364
-results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["Overhead"] == 50000
+results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["RequestAddr"] == "api.localhost"
 results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["RequestMethod"] == "POST"
-results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0
-results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["RouterName"] == "parent@file -> child@file"
-results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["ServiceURL"] == "http://api:8080"
-results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["ClientAddr"] == "192.168.65.1:29367"
-results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 200
-results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["OriginStatus"] == 200
 results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["RequestScheme"] == "http"
+results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0
+results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["ServiceAddr"] == "api:8080"
 results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["StartLocal"] == "2026-01-08T14:20:00.000000000Z"
+results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["StartUTC"] == "2026-01-08T14:20:00.000000000Z"
+results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["msg"] == ""
+results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0
+results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-"
 FloatApproxEqual(results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["Duration"], 1500000.000000)
-results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["RequestCount"] == 2
+results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 364
+results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["OriginStatus"] == 200
 results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["RequestHost"] == "api.localhost"
-results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["RequestPort"] == "-"
-results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["level"] == "info"
-results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/1.1"
+results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["ServiceURL"] == "http://api:8080"
+results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 200
+results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["Overhead"] == 50000
+results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["RequestPath"] == "/api/data"
 results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["ServiceName"] == "api@file"
-results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["StartUTC"] == "2026-01-08T14:20:00.000000000Z"
-results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["msg"] == ""
+FloatApproxEqual(results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["OriginDuration"], 1450000.000000)
 results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["time"] == "2026-01-08T14:20:00Z"
+results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["ClientAddr"] == "192.168.65.1:29367"
+results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["RequestPort"] == "-"
+results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/1.1"
+results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["RouterName"] == "parent@file -> child@file"
 results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["entryPointName"] == "web"
-results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-"
-results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["RequestAddr"] == "api.localhost"
-results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["ServiceAddr"] == "api:8080"
+results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["level"] == "info"
+results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["RequestCount"] == 2
+results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["ClientHost"] == "192.168.65.1"
+results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["ClientPort"] == "29367"
 results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Whitelisted == false
-results["s01-parse"]["crowdsecurity/traefik-logs"][4].Success == false
-len(results["s02-enrich"]["crowdsecurity/dateparse-enrich"]) == 4
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Success == true
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Parsed["body_bytes_sent"] == "19"
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Parsed["dest_addr"] == "192.168.1.115"
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Parsed["http_version"] == "2.0"
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Parsed["message"] == "{\"ClientAddr\":\"192.168.1.115:56446\",\"ClientHost\":\"192.168.1.115\",\"ClientPort\":\"56446\",\"ClientUsername\":\"-\",\"DownstreamContentSize\":19,\"DownstreamStatus\":404,\"Duration\":10158,\"GzipRatio\":0,\"OriginContentSize\":0,\"OriginDuration\":0,\"OriginStatus\":0,\"Overhead\":10158,\"RequestAddr\":\"admin.mydomain.com\",\"RequestContentSize\":0,\"RequestCount\":3100,\"RequestHost\":\"admin.mydomain.com\",\"RequestMethod\":\"GET\",\"RequestPath\":\"/\",\"RequestPort\":\"-\",\"RequestProtocol\":\"HTTP/2.0\",\"RequestScheme\":\"https\",\"RetryAttempts\":0,\"StartLocal\":\"2026-01-14T10:45:33.759014877+01:00\",\"StartUTC\":\"2026-01-14T09:45:33.759014877Z\",\"TLSCipher\":\"TLS_AES_128_GCM_SHA256\",\"TLSVersion\":\"1.3\",\"entryPointName\":\"https\",\"level\":\"info\",\"msg\":\"\",\"time\":\"2026-01-14T10:45:33+01:00\"}"
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Parsed["program"] == "traefik"
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Parsed["remote_addr"] == "192.168.1.115"
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Parsed["request"] == "/"
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Parsed["request_addr"] == "admin.mydomain.com"
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Parsed["request_duration_in_ms"] == "10158"
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Parsed["status"] == "404"
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Parsed["time_local"] == "2026-01-14T10:45:33+01:00"
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Parsed["traefik_router_name"] == "-"
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Parsed["verb"] == "GET"
+basename(results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Meta["datasource_path"]) == "traefik_json.log"
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Meta["datasource_type"] == "file"
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Meta["http_path"] == "/"
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Meta["http_status"] == "404"
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Meta["http_verb"] == "GET"
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Meta["log_type"] == "http_access-log"
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Meta["service"] == "http"
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Meta["source_ip"] == "192.168.1.115"
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Meta["target_fqdn"] == "admin.mydomain.com"
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Meta["traefik_router_name"] == "-"
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["OriginStatus"] == 0
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["RequestCount"] == 3100
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["ClientPort"] == "56446"
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["TLSCipher"] == "TLS_AES_128_GCM_SHA256"
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["ClientHost"] == "192.168.1.115"
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 404
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["RequestHost"] == "admin.mydomain.com"
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["RequestMethod"] == "GET"
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["RequestPort"] == "-"
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["StartUTC"] == "2026-01-14T09:45:33.759014877Z"
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["time"] == "2026-01-14T10:45:33+01:00"
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["Duration"] == 10158
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["RequestPath"] == "/"
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["RequestScheme"] == "https"
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["level"] == "info"
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["ClientAddr"] == "192.168.1.115:56446"
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 19
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 0
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/2.0"
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["TLSVersion"] == "1.3"
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["entryPointName"] == "https"
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["msg"] == ""
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["Overhead"] == 10158
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["RequestAddr"] == "admin.mydomain.com"
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-"
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["GzipRatio"] == 0
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["OriginDuration"] == 0
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["StartLocal"] == "2026-01-14T10:45:33.759014877+01:00"
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Whitelisted == false
+results["s01-parse"]["crowdsecurity/traefik-logs"][5].Success == false
+len(results["s02-enrich"]["crowdsecurity/dateparse-enrich"]) == 5
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Success == true
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["body_bytes_sent"] == "357"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["dest_addr"] == "172.17.0.1"
@@ -355,58 +417,58 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["target_fqdn
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["timestamp"] == "2021-12-08T14:02:43Z"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["traefik_router_name"] == "test@docker"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Enriched["MarshaledTime"] == "2021-12-08T14:02:43Z"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 357
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["OriginDuration"] == 324669
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["RequestAddr"] == "test.docker.localhost"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["RouterName"] == "test@docker"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ServiceAddr"] == "172.17.0.3:80"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["origin_Content-Length"] == "357"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["entryPointName"] == "http"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Host"] == "test.docker.localhost"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["OriginStatus"] == 200
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["downstream_Content-Length"] == "357"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Proto"] == "http"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Server"] == "8f4adf27f2ad"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 200
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["Overhead"] == 32644
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["RequestCount"] == 190
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["RequestMethod"] == "GET"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["RequestPort"] == "-"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["origin_Date"] == "Wed, 08 Dec 2021 14:02:43 GMT"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["request_Connection"] == "Keep-Alive"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["msg"] == ""
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["request_User-Agent"] == "Nikto"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Proto"] == "http"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["RequestMethod"] == "GET"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/1.1"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["ForceQuery"] == false
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["Host"] == "172.17.0.3:80"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["Opaque"] == ""
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["Path"] == ""
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawPath"] == ""
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["Scheme"] == "http"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["ForceQuery"] == false
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawFragment"] == ""
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawQuery"] == ""
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["Fragment"] == ""
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawFragment"] == ""
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["Scheme"] == "http"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["origin_Content-Type"] == "text/plain; charset=utf-8"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["OriginStatus"] == 200
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["RequestPath"] == "/594VAEoi.save"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["RequestScheme"] == "http"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ServiceName"] == "test@docker"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["StartLocal"] == "2021-12-08T14:02:43.587782192Z"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["StartUTC"] == "2021-12-08T14:02:43.587782192Z"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["downstream_Date"] == "Wed, 08 Dec 2021 14:02:43 GMT"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["level"] == "info"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ClientHost"] == "172.17.0.1"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["Host"] == "172.17.0.3:80"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["Opaque"] == ""
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["request_Connection"] == "Keep-Alive"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Port"] == "80"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ClientPort"] == "39496"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["Duration"] == 357313
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["downstream_Content-Length"] == "357"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Host"] == "test.docker.localhost"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["request_X-Real-Ip"] == "172.17.0.1"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["time"] == "2021-12-08T14:02:43Z"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ClientAddr"] == "172.17.0.1:39496"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ClientPort"] == "39496"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 357
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["RequestAddr"] == "test.docker.localhost"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["RequestCount"] == 190
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["RequestPath"] == "/594VAEoi.save"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ServiceAddr"] == "172.17.0.3:80"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["StartUTC"] == "2021-12-08T14:02:43.587782192Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["origin_Content-Length"] == "357"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["RequestHost"] == "test.docker.localhost"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["RequestPort"] == "-"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["RouterName"] == "test@docker"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["request_User-Agent"] == "Nikto"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["time"] == "2021-12-08T14:02:43Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ClientHost"] == "172.17.0.1"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["StartLocal"] == "2021-12-08T14:02:43.587782192Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ClientAddr"] == "172.17.0.1:39496"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 357
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["OriginDuration"] == 324669
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["level"] == "info"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["msg"] == ""
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["origin_Content-Type"] == "text/plain; charset=utf-8"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["Duration"] == 357313
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["RequestScheme"] == "http"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ServiceName"] == "test@docker"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["downstream_Content-Type"] == "text/plain; charset=utf-8"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["entryPointName"] == "http"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Server"] == "8f4adf27f2ad"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 200
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["downstream_Date"] == "Wed, 08 Dec 2021 14:02:43 GMT"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Whitelisted == false
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Success == true
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["body_bytes_sent"] == "358"
@@ -438,58 +500,58 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["target_fqdn
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["timestamp"] == "2021-12-08T14:02:43Z"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["traefik_router_name"] == "test@docker"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Enriched["MarshaledTime"] == "2021-12-08T14:02:43Z"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["msg"] == ""
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["RequestAddr"] == "test.docker.localhost"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["StartLocal"] == "2021-12-08T14:02:43.589545005Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["OriginDuration"] == 539617
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["Overhead"] == 25232
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["RequestPort"] == "-"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["downstream_Content-Type"] == "text/plain; charset=utf-8"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["downstream_Date"] == "Wed, 08 Dec 2021 14:02:43 GMT"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 200
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["RequestAddr"] == "test.docker.localhost"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["RouterName"] == "test@docker"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["downstream_Content-Length"] == "358"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["origin_Content-Type"] == "text/plain; charset=utf-8"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["request_User-Agent"] == "Nikto"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["origin_Date"] == "Wed, 08 Dec 2021 14:02:43 GMT"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Port"] == "80"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["ClientAddr"] == "172.17.0.1:39496"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["entryPointName"] == "http"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Host"] == "test.docker.localhost"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["time"] == "2021-12-08T14:02:43Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["ClientHost"] == "172.17.0.1"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["ClientPort"] == "39496"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 358
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["RequestCount"] == 191
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["RequestMethod"] == "GET"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["RequestScheme"] == "http"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["level"] == "info"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Proto"] == "http"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 358
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["OriginStatus"] == 200
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["RequestHost"] == "test.docker.localhost"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["RequestPath"] == "/594VAEoi.local"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["StartUTC"] == "2021-12-08T14:02:43.589545005Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["msg"] == ""
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["request_X-Real-Ip"] == "172.17.0.1"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["downstream_Date"] == "Wed, 08 Dec 2021 14:02:43 GMT"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["request_Connection"] == "Keep-Alive"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["request_User-Agent"] == "Nikto"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Server"] == "8f4adf27f2ad"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["time"] == "2021-12-08T14:02:43Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["Duration"] == 564849
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["ServiceName"] == "test@docker"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["Host"] == "172.17.0.3:80"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawFragment"] == ""
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawPath"] == ""
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["Host"] == "172.17.0.3:80"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["Opaque"] == ""
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawQuery"] == ""
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["Scheme"] == "http"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["ForceQuery"] == false
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["Fragment"] == ""
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["Opaque"] == ""
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["Path"] == ""
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["StartLocal"] == "2021-12-08T14:02:43.589545005Z"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["origin_Content-Length"] == "358"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Port"] == "80"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Server"] == "8f4adf27f2ad"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["ClientAddr"] == "172.17.0.1:39496"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["OriginDuration"] == 539617
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["entryPointName"] == "http"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["RequestPath"] == "/594VAEoi.local"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["ServiceAddr"] == "172.17.0.3:80"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["level"] == "info"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["request_Connection"] == "Keep-Alive"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Proto"] == "http"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["RequestMethod"] == "GET"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["RequestPort"] == "-"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["downstream_Content-Length"] == "358"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["request_X-Real-Ip"] == "172.17.0.1"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["origin_Date"] == "Wed, 08 Dec 2021 14:02:43 GMT"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["ClientPort"] == "39496"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 200
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["Duration"] == 564849
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["Overhead"] == 25232
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["RequestScheme"] == "http"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["ClientHost"] == "172.17.0.1"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 358
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["OriginStatus"] == 200
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["RequestHost"] == "test.docker.localhost"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["RequestCount"] == 191
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/1.1"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["RouterName"] == "test@docker"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["StartUTC"] == "2021-12-08T14:02:43.589545005Z"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Whitelisted == false
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Success == true
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["body_bytes_sent"] == "364"
@@ -524,37 +586,37 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["traefik_rou
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["traefik_router_name_leaf"] == "leaf@file"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["traefik_router_name_root"] == "root@file"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Enriched["MarshaledTime"] == "2026-01-08T14:19:15Z"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["StartLocal"] == "2026-01-08T14:19:15.980170592Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-"
+FloatApproxEqual(results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["Duration"], 2001375.000000)
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 364
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["OriginStatus"] == 200
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["RouterName"] == "root@file -> intermediate1@file -> intermediate2@file -> leaf@file"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["ClientPort"] == "29366"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["RequestMethod"] == "GET"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["ServiceName"] == "whoami@file"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["msg"] == ""
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["ClientAddr"] == "192.168.65.1:29366"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["StartLocal"] == "2026-01-08T14:19:15.980170592Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["time"] == "2026-01-08T14:19:15Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["ServiceURL"] == "http://whoami:80"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["RequestPath"] == "/"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["RequestScheme"] == "http"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["ServiceAddr"] == "whoami:80"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["ClientHost"] == "192.168.65.1"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 200
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 364
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["RequestPort"] == "-"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["ServiceName"] == "whoami@file"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["entryPointName"] == "web"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["ServiceAddr"] == "whoami:80"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["level"] == "info"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 364
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["RequestHost"] == "whoami.localhost"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["ServiceURL"] == "http://whoami:80"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["Overhead"] == 66084
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/1.1"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["ClientAddr"] == "192.168.65.1:29366"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["StartUTC"] == "2026-01-08T14:19:15.980170592Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["RequestCount"] == 1
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 200
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["RequestHost"] == "whoami.localhost"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["ClientHost"] == "192.168.65.1"
 FloatApproxEqual(results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["OriginDuration"], 1935291.000000)
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["RequestAddr"] == "whoami.localhost"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["RequestMethod"] == "GET"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/1.1"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["RequestScheme"] == "http"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["msg"] == ""
-FloatApproxEqual(results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["Duration"], 2001375.000000)
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["OriginStatus"] == 200
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["RequestCount"] == 1
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["RouterName"] == "root@file -> intermediate1@file -> intermediate2@file -> leaf@file"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["level"] == "info"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["time"] == "2026-01-08T14:19:15Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["StartUTC"] == "2026-01-08T14:19:15.980170592Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["entryPointName"] == "web"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Whitelisted == false
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Success == true
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["body_bytes_sent"] == "364"
@@ -587,39 +649,96 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["traefik_rou
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["traefik_router_name_leaf"] == "child@file"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["traefik_router_name_root"] == "parent@file"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Enriched["MarshaledTime"] == "2026-01-08T14:20:00Z"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 364
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["RequestHost"] == "api.localhost"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["StartLocal"] == "2026-01-08T14:20:00.000000000Z"
+FloatApproxEqual(results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["OriginDuration"], 1450000.000000)
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["OriginStatus"] == 200
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["RequestScheme"] == "http"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["ClientHost"] == "192.168.65.1"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["ClientPort"] == "29367"
-FloatApproxEqual(results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["Duration"], 1500000.000000)
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["OriginStatus"] == 200
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 200
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["Overhead"] == 50000
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/1.1"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["RouterName"] == "parent@file -> child@file"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["ServiceName"] == "api@file"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["ServiceURL"] == "http://api:8080"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["StartUTC"] == "2026-01-08T14:20:00.000000000Z"
-FloatApproxEqual(results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["OriginDuration"], 1450000.000000)
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["RequestCount"] == 2
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["time"] == "2026-01-08T14:20:00Z"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["ClientAddr"] == "192.168.65.1:29367"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["level"] == "info"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 200
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 364
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["RequestPath"] == "/api/data"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["RequestMethod"] == "POST"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["RequestScheme"] == "http"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["msg"] == ""
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["RequestAddr"] == "api.localhost"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["RequestPath"] == "/api/data"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["RequestPort"] == "-"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["time"] == "2026-01-08T14:20:00Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["RequestMethod"] == "POST"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["ServiceAddr"] == "api:8080"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["StartLocal"] == "2026-01-08T14:20:00.000000000Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 364
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["RequestAddr"] == "api.localhost"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/1.1"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["RouterName"] == "parent@file -> child@file"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["StartUTC"] == "2026-01-08T14:20:00.000000000Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 364
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["ServiceName"] == "api@file"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["level"] == "info"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["msg"] == ""
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["RequestHost"] == "api.localhost"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["ServiceURL"] == "http://api:8080"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["ClientAddr"] == "192.168.65.1:29367"
+FloatApproxEqual(results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["Duration"], 1500000.000000)
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["entryPointName"] == "web"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Whitelisted == false
-len(results["s02-enrich"]["crowdsecurity/http-logs"]) == 4
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Success == true
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["body_bytes_sent"] == "19"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["dest_addr"] == "192.168.1.115"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["http_version"] == "2.0"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["message"] == "{\"ClientAddr\":\"192.168.1.115:56446\",\"ClientHost\":\"192.168.1.115\",\"ClientPort\":\"56446\",\"ClientUsername\":\"-\",\"DownstreamContentSize\":19,\"DownstreamStatus\":404,\"Duration\":10158,\"GzipRatio\":0,\"OriginContentSize\":0,\"OriginDuration\":0,\"OriginStatus\":0,\"Overhead\":10158,\"RequestAddr\":\"admin.mydomain.com\",\"RequestContentSize\":0,\"RequestCount\":3100,\"RequestHost\":\"admin.mydomain.com\",\"RequestMethod\":\"GET\",\"RequestPath\":\"/\",\"RequestPort\":\"-\",\"RequestProtocol\":\"HTTP/2.0\",\"RequestScheme\":\"https\",\"RetryAttempts\":0,\"StartLocal\":\"2026-01-14T10:45:33.759014877+01:00\",\"StartUTC\":\"2026-01-14T09:45:33.759014877Z\",\"TLSCipher\":\"TLS_AES_128_GCM_SHA256\",\"TLSVersion\":\"1.3\",\"entryPointName\":\"https\",\"level\":\"info\",\"msg\":\"\",\"time\":\"2026-01-14T10:45:33+01:00\"}"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["program"] == "traefik"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["remote_addr"] == "192.168.1.115"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["request"] == "/"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["request_addr"] == "admin.mydomain.com"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["request_duration_in_ms"] == "10158"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["status"] == "404"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["time_local"] == "2026-01-14T10:45:33+01:00"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["traefik_router_name"] == "-"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["verb"] == "GET"
+basename(results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["datasource_path"]) == "traefik_json.log"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["datasource_type"] == "file"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["http_path"] == "/"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["http_status"] == "404"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["http_verb"] == "GET"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["log_type"] == "http_access-log"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["service"] == "http"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["source_ip"] == "192.168.1.115"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["target_fqdn"] == "admin.mydomain.com"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["timestamp"] == "2026-01-14T10:45:33+01:00"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["traefik_router_name"] == "-"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Enriched["MarshaledTime"] == "2026-01-14T10:45:33+01:00"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["OriginStatus"] == 0
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/2.0"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["msg"] == ""
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["GzipRatio"] == 0
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["OriginDuration"] == 0
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["ClientHost"] == "192.168.1.115"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["RequestHost"] == "admin.mydomain.com"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["StartLocal"] == "2026-01-14T10:45:33.759014877+01:00"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["TLSVersion"] == "1.3"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["level"] == "info"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 19
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 404
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["RequestMethod"] == "GET"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["RequestScheme"] == "https"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["ClientAddr"] == "192.168.1.115:56446"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["RequestCount"] == 3100
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["RequestPort"] == "-"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["Overhead"] == 10158
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["RequestAddr"] == "admin.mydomain.com"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["ClientPort"] == "56446"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["Duration"] == 10158
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["RequestPath"] == "/"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["TLSCipher"] == "TLS_AES_128_GCM_SHA256"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["entryPointName"] == "https"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["time"] == "2026-01-14T10:45:33+01:00"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["StartUTC"] == "2026-01-14T09:45:33.759014877Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 0
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Whitelisted == false
+len(results["s02-enrich"]["crowdsecurity/http-logs"]) == 5
 results["s02-enrich"]["crowdsecurity/http-logs"][0].Success == true
 results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Parsed["body_bytes_sent"] == "357"
 results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Parsed["dest_addr"] == "172.17.0.1"
@@ -657,58 +776,58 @@ results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Meta["target_fqdn"] == "
 results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Meta["timestamp"] == "2021-12-08T14:02:43Z"
 results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Meta["traefik_router_name"] == "test@docker"
 results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Enriched["MarshaledTime"] == "2021-12-08T14:02:43Z"
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Port"] == "80"
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Proto"] == "http"
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["request_X-Real-Ip"] == "172.17.0.1"
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ClientPort"] == "39496"
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["OriginStatus"] == 200
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["RequestAddr"] == "test.docker.localhost"
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ServiceName"] == "test@docker"
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["msg"] == ""
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["request_User-Agent"] == "Nikto"
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["time"] == "2021-12-08T14:02:43Z"
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["RequestHost"] == "test.docker.localhost"
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["StartLocal"] == "2021-12-08T14:02:43.587782192Z"
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["entryPointName"] == "http"
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["origin_Date"] == "Wed, 08 Dec 2021 14:02:43 GMT"
 results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0
 results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["StartUTC"] == "2021-12-08T14:02:43.587782192Z"
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["origin_Content-Length"] == "357"
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["origin_Date"] == "Wed, 08 Dec 2021 14:02:43 GMT"
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Server"] == "8f4adf27f2ad"
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["downstream_Content-Length"] == "357"
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["request_User-Agent"] == "Nikto"
 results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 200
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["RequestMethod"] == "GET"
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/1.1"
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["entryPointName"] == "http"
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["StartLocal"] == "2021-12-08T14:02:43.587782192Z"
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ClientAddr"] == "172.17.0.1:39496"
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ClientHost"] == "172.17.0.1"
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["Duration"] == 357313
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["OriginDuration"] == 324669
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["OriginStatus"] == 200
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["RequestCount"] == 190
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["RequestPath"] == "/594VAEoi.save"
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["RequestScheme"] == "http"
 results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ServiceAddr"] == "172.17.0.3:80"
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["origin_Content-Type"] == "text/plain; charset=utf-8"
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["request_Connection"] == "Keep-Alive"
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["downstream_Content-Type"] == "text/plain; charset=utf-8"
 results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["level"] == "info"
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ClientPort"] == "39496"
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-"
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["msg"] == ""
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 357
 results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["Overhead"] == 32644
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0
 results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["RequestPort"] == "-"
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["RequestScheme"] == "http"
 results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["RouterName"] == "test@docker"
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["downstream_Content-Length"] == "357"
 results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["downstream_Date"] == "Wed, 08 Dec 2021 14:02:43 GMT"
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["downstream_Content-Type"] == "text/plain; charset=utf-8"
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["origin_Content-Length"] == "357"
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["request_Connection"] == "Keep-Alive"
 results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Host"] == "test.docker.localhost"
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["RequestCount"] == 190
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["RequestPath"] == "/594VAEoi.save"
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["Path"] == ""
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawFragment"] == ""
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawQuery"] == ""
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["Fragment"] == ""
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["Opaque"] == ""
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawPath"] == ""
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Port"] == "80"
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 357
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["RequestHost"] == "test.docker.localhost"
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["RequestMethod"] == "GET"
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ServiceName"] == "test@docker"
 results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["Scheme"] == "http"
 results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["ForceQuery"] == false
 results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["Host"] == "172.17.0.3:80"
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-"
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 357
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 357
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["Opaque"] == ""
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["Path"] == ""
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawFragment"] == ""
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawPath"] == ""
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["Fragment"] == ""
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawQuery"] == ""
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["origin_Content-Type"] == "text/plain; charset=utf-8"
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Proto"] == "http"
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Server"] == "8f4adf27f2ad"
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["OriginDuration"] == 324669
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/1.1"
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["request_X-Real-Ip"] == "172.17.0.1"
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["time"] == "2021-12-08T14:02:43Z"
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ClientAddr"] == "172.17.0.1:39496"
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ClientHost"] == "172.17.0.1"
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["Duration"] == 357313
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["RequestAddr"] == "test.docker.localhost"
 results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Whitelisted == false
 results["s02-enrich"]["crowdsecurity/http-logs"][1].Success == true
 results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Parsed["body_bytes_sent"] == "358"
@@ -747,58 +866,58 @@ results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Meta["target_fqdn"] == "
 results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Meta["timestamp"] == "2021-12-08T14:02:43Z"
 results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Meta["traefik_router_name"] == "test@docker"
 results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Enriched["MarshaledTime"] == "2021-12-08T14:02:43Z"
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["RouterName"] == "test@docker"
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["OriginDuration"] == 539617
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["RequestScheme"] == "http"
 results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["ServiceName"] == "test@docker"
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["downstream_Content-Type"] == "text/plain; charset=utf-8"
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["ClientAddr"] == "172.17.0.1:39496"
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["ClientHost"] == "172.17.0.1"
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["Overhead"] == 25232
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/1.1"
 results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["StartLocal"] == "2021-12-08T14:02:43.589545005Z"
 results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["downstream_Content-Length"] == "358"
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["level"] == "info"
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["entryPointName"] == "http"
 results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Host"] == "test.docker.localhost"
 results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["ClientPort"] == "39496"
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["Duration"] == 564849
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["origin_Date"] == "Wed, 08 Dec 2021 14:02:43 GMT"
 results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["level"] == "info"
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["msg"] == ""
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["ClientAddr"] == "172.17.0.1:39496"
 results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["RequestHost"] == "test.docker.localhost"
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["ForceQuery"] == false
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["Fragment"] == ""
 results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["Path"] == ""
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawPath"] == ""
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawQuery"] == ""
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawFragment"] == ""
 results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["Scheme"] == "http"
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["ForceQuery"] == false
 results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["Host"] == "172.17.0.3:80"
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawPath"] == ""
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawQuery"] == ""
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["Fragment"] == ""
 results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["Opaque"] == ""
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawFragment"] == ""
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["request_User-Agent"] == "Nikto"
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Proto"] == "http"
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["request_X-Real-Ip"] == "172.17.0.1"
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["OriginDuration"] == 539617
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["RequestCount"] == 191
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["RequestMethod"] == "GET"
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["downstream_Content-Type"] == "text/plain; charset=utf-8"
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["downstream_Date"] == "Wed, 08 Dec 2021 14:02:43 GMT"
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["Duration"] == 564849
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["OriginStatus"] == 200
 results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["RequestPort"] == "-"
 results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["ServiceAddr"] == "172.17.0.3:80"
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["StartUTC"] == "2021-12-08T14:02:43.589545005Z"
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["origin_Content-Type"] == "text/plain; charset=utf-8"
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["origin_Date"] == "Wed, 08 Dec 2021 14:02:43 GMT"
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Server"] == "8f4adf27f2ad"
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["request_X-Real-Ip"] == "172.17.0.1"
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 358
 results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 200
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["RequestAddr"] == "test.docker.localhost"
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["downstream_Date"] == "Wed, 08 Dec 2021 14:02:43 GMT"
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["msg"] == ""
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/1.1"
 results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["origin_Content-Length"] == "358"
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["request_Connection"] == "Keep-Alive"
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Server"] == "8f4adf27f2ad"
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["OriginStatus"] == 200
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["entryPointName"] == "http"
 results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Port"] == "80"
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["RequestPath"] == "/594VAEoi.local"
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["origin_Content-Type"] == "text/plain; charset=utf-8"
 results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["time"] == "2021-12-08T14:02:43Z"
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-"
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 358
 results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 358
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["RequestScheme"] == "http"
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["RequestCount"] == 191
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["RequestPath"] == "/594VAEoi.local"
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["request_Connection"] == "Keep-Alive"
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["request_User-Agent"] == "Nikto"
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Proto"] == "http"
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["ClientHost"] == "172.17.0.1"
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-"
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["RequestMethod"] == "GET"
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["RouterName"] == "test@docker"
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["Overhead"] == 25232
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["RequestAddr"] == "test.docker.localhost"
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["StartUTC"] == "2021-12-08T14:02:43.589545005Z"
 results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Whitelisted == false
 results["s02-enrich"]["crowdsecurity/http-logs"][2].Success == true
 results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Parsed["body_bytes_sent"] == "364"
@@ -837,37 +956,37 @@ results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Meta["traefik_router_nam
 results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Meta["traefik_router_name_leaf"] == "leaf@file"
 results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Meta["traefik_router_name_root"] == "root@file"
 results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Enriched["MarshaledTime"] == "2026-01-08T14:19:15Z"
-results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["RequestMethod"] == "GET"
+results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["ClientAddr"] == "192.168.65.1:29366"
 results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 200
+results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0
+results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["ServiceURL"] == "http://whoami:80"
+results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["ClientPort"] == "29366"
+FloatApproxEqual(results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["Duration"], 2001375.000000)
+results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-"
+results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["OriginStatus"] == 200
+results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["RequestMethod"] == "GET"
+results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["RequestPath"] == "/"
+results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["ServiceName"] == "whoami@file"
+results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["level"] == "info"
+results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["time"] == "2026-01-08T14:19:15Z"
 results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["RouterName"] == "root@file -> intermediate1@file -> intermediate2@file -> leaf@file"
-results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["StartLocal"] == "2026-01-08T14:19:15.980170592Z"
+results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["ServiceAddr"] == "whoami:80"
+results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["entryPointName"] == "web"
+results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 364
+results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0
+results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/1.1"
+results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 364
 results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["StartUTC"] == "2026-01-08T14:19:15.980170592Z"
+results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["StartLocal"] == "2026-01-08T14:19:15.980170592Z"
 results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["ClientHost"] == "192.168.65.1"
-results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 364
-results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["OriginStatus"] == 200
-results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["RequestAddr"] == "whoami.localhost"
-results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["ServiceURL"] == "http://whoami:80"
+results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["RequestPort"] == "-"
+results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["RequestScheme"] == "http"
 results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["msg"] == ""
-results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 364
-results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["time"] == "2026-01-08T14:19:15Z"
+FloatApproxEqual(results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["OriginDuration"], 1935291.000000)
+results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["Overhead"] == 66084
+results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["RequestAddr"] == "whoami.localhost"
 results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["RequestCount"] == 1
 results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["RequestHost"] == "whoami.localhost"
-results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/1.1"
-results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0
-results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["entryPointName"] == "web"
-results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["RequestPort"] == "-"
-results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["level"] == "info"
-results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["Overhead"] == 66084
-results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0
-results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["ServiceAddr"] == "whoami:80"
-results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["ClientPort"] == "29366"
-results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-"
-FloatApproxEqual(results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["OriginDuration"], 1935291.000000)
-results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["RequestPath"] == "/"
-results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["RequestScheme"] == "http"
-results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["ServiceName"] == "whoami@file"
-results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["ClientAddr"] == "192.168.65.1:29366"
-FloatApproxEqual(results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["Duration"], 2001375.000000)
 results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Whitelisted == false
 results["s02-enrich"]["crowdsecurity/http-logs"][3].Success == true
 results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Parsed["body_bytes_sent"] == "364"
@@ -906,36 +1025,97 @@ results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Meta["traefik_router_nam
 results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Meta["traefik_router_name_leaf"] == "child@file"
 results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Meta["traefik_router_name_root"] == "parent@file"
 results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Enriched["MarshaledTime"] == "2026-01-08T14:20:00Z"
-results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["ServiceAddr"] == "api:8080"
-results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["level"] == "info"
-results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["msg"] == ""
-results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["StartLocal"] == "2026-01-08T14:20:00.000000000Z"
+results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 200
 results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["Overhead"] == 50000
-results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["RequestAddr"] == "api.localhost"
-results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["ClientHost"] == "192.168.65.1"
-results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 364
-FloatApproxEqual(results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["Duration"], 1500000.000000)
-results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["OriginStatus"] == 200
 results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["RequestHost"] == "api.localhost"
-results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["RequestScheme"] == "http"
-results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["ClientAddr"] == "192.168.65.1:29367"
-results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 364
-FloatApproxEqual(results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["OriginDuration"], 1450000.000000)
-results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["RequestMethod"] == "POST"
 results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["RequestPath"] == "/api/data"
-results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["time"] == "2026-01-08T14:20:00Z"
+results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["RequestMethod"] == "POST"
 results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["RouterName"] == "parent@file -> child@file"
-results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["ServiceName"] == "api@file"
-results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["ServiceURL"] == "http://api:8080"
-results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["entryPointName"] == "web"
+results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0
 results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["StartUTC"] == "2026-01-08T14:20:00.000000000Z"
+results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["level"] == "info"
+results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["msg"] == ""
+FloatApproxEqual(results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["Duration"], 1500000.000000)
+results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["RequestAddr"] == "api.localhost"
 results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["RequestPort"] == "-"
-results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0
+results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["time"] == "2026-01-08T14:20:00Z"
 results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["ClientPort"] == "29367"
+results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0
+results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["ServiceName"] == "api@file"
+results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["RequestScheme"] == "http"
+results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["ServiceURL"] == "http://api:8080"
+results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["entryPointName"] == "web"
+results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["ClientAddr"] == "192.168.65.1:29367"
 results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-"
-results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0
-results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 200
+results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 364
+results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 364
+FloatApproxEqual(results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["OriginDuration"], 1450000.000000)
 results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["RequestCount"] == 2
 results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/1.1"
+results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["ClientHost"] == "192.168.65.1"
+results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["OriginStatus"] == 200
+results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["ServiceAddr"] == "api:8080"
+results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["StartLocal"] == "2026-01-08T14:20:00.000000000Z"
 results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Whitelisted == false
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Success == true
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Parsed["body_bytes_sent"] == "19"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Parsed["dest_addr"] == "192.168.1.115"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Parsed["file_dir"] == "/"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Parsed["http_version"] == "2.0"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Parsed["impact_completion"] == "false"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Parsed["message"] == "{\"ClientAddr\":\"192.168.1.115:56446\",\"ClientHost\":\"192.168.1.115\",\"ClientPort\":\"56446\",\"ClientUsername\":\"-\",\"DownstreamContentSize\":19,\"DownstreamStatus\":404,\"Duration\":10158,\"GzipRatio\":0,\"OriginContentSize\":0,\"OriginDuration\":0,\"OriginStatus\":0,\"Overhead\":10158,\"RequestAddr\":\"admin.mydomain.com\",\"RequestContentSize\":0,\"RequestCount\":3100,\"RequestHost\":\"admin.mydomain.com\",\"RequestMethod\":\"GET\",\"RequestPath\":\"/\",\"RequestPort\":\"-\",\"RequestProtocol\":\"HTTP/2.0\",\"RequestScheme\":\"https\",\"RetryAttempts\":0,\"StartLocal\":\"2026-01-14T10:45:33.759014877+01:00\",\"StartUTC\":\"2026-01-14T09:45:33.759014877Z\",\"TLSCipher\":\"TLS_AES_128_GCM_SHA256\",\"TLSVersion\":\"1.3\",\"entryPointName\":\"https\",\"level\":\"info\",\"msg\":\"\",\"time\":\"2026-01-14T10:45:33+01:00\"}"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Parsed["program"] == "traefik"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Parsed["remote_addr"] == "192.168.1.115"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Parsed["request"] == "/"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Parsed["request_addr"] == "admin.mydomain.com"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Parsed["request_duration_in_ms"] == "10158"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Parsed["static_ressource"] == "false"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Parsed["status"] == "404"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Parsed["time_local"] == "2026-01-14T10:45:33+01:00"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Parsed["traefik_router_name"] == "-"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Parsed["verb"] == "GET"
+basename(results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Meta["datasource_path"]) == "traefik_json.log"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Meta["datasource_type"] == "file"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Meta["http_args_len"] == "0"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Meta["http_path"] == "/"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Meta["http_status"] == "404"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Meta["http_verb"] == "GET"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Meta["log_type"] == "http_access-log"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Meta["service"] == "http"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Meta["source_ip"] == "192.168.1.115"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Meta["target_fqdn"] == "admin.mydomain.com"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Meta["timestamp"] == "2026-01-14T10:45:33+01:00"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Meta["traefik_router_name"] == "-"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Enriched["MarshaledTime"] == "2026-01-14T10:45:33+01:00"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["RequestAddr"] == "admin.mydomain.com"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/2.0"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["Duration"] == 10158
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["OriginStatus"] == 0
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["RequestPath"] == "/"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["StartUTC"] == "2026-01-14T09:45:33.759014877Z"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["TLSCipher"] == "TLS_AES_128_GCM_SHA256"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["msg"] == ""
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["ClientPort"] == "56446"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 404
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["RequestPort"] == "-"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["time"] == "2026-01-14T10:45:33+01:00"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["ClientHost"] == "192.168.1.115"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["entryPointName"] == "https"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["ClientAddr"] == "192.168.1.115:56446"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["GzipRatio"] == 0
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["RequestScheme"] == "https"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["level"] == "info"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["OriginDuration"] == 0
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["RequestCount"] == 3100
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["RequestMethod"] == "GET"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["StartLocal"] == "2026-01-14T10:45:33.759014877+01:00"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["TLSVersion"] == "1.3"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 19
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 0
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["RequestHost"] == "admin.mydomain.com"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["Overhead"] == 10158
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Whitelisted == false
 len(results["success"][""]) == 0

From 585a6a77001ab1547c8c4627da856f03b51e2776 Mon Sep 17 00:00:00 2001
From: Laurence <laurence.jones@live.co.uk>
Date: Thu, 15 Jan 2026 08:51:27 +0000
Subject: [PATCH 3/5] docs: add comments explaining RouterName nil handling

---
 parsers/s01-parse/crowdsecurity/traefik-logs.yaml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/parsers/s01-parse/crowdsecurity/traefik-logs.yaml b/parsers/s01-parse/crowdsecurity/traefik-logs.yaml
index 3b1d86c1e13..0ae0026e362 100644
--- a/parsers/s01-parse/crowdsecurity/traefik-logs.yaml
+++ b/parsers/s01-parse/crowdsecurity/traefik-logs.yaml
@@ -23,8 +23,10 @@ nodes:
   ## JSON parser - extract fields and store full router chain in traefik_router_name (backwards compatible)
   # We must use evt.Parsed.message to make sure we respect s00 stage
   - filter: TrimSpace(evt.Parsed.message) startsWith "{" && UnmarshalJSON(evt.Parsed.message, evt.Unmarshaled, "traefik") in ["", nil]
+    ## keep onsuccess here for nodes
     onsuccess: next_stage
     nodes:
+      ## we need to set traefik_router_name to "-" if RouterName is nil to forward to s02-enrich or else parsing fails
       - filter: evt.Unmarshaled.traefik.RouterName == nil
         statics:
           - parsed: traefik_router_name

From da0977b1cf8b8e69718df6eea82dd7d571afb65d Mon Sep 17 00:00:00 2001
From: Laurence <laurence.jones@live.co.uk>
Date: Thu, 15 Jan 2026 09:00:49 +0000
Subject: [PATCH 4/5] refactor: make it less complex

---
 .tests/traefik_json/parser.assert             | 858 +++++++++---------
 .../s01-parse/crowdsecurity/traefik-logs.yaml |  14 +-
 2 files changed, 429 insertions(+), 443 deletions(-)

diff --git a/.tests/traefik_json/parser.assert b/.tests/traefik_json/parser.assert
index d4fd5a2b80a..d22f486d40f 100644
--- a/.tests/traefik_json/parser.assert
+++ b/.tests/traefik_json/parser.assert
@@ -72,58 +72,58 @@ results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Meta["service"] == "ht
 results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Meta["source_ip"] == "172.17.0.1"
 results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Meta["target_fqdn"] == "test.docker.localhost"
 results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Meta["traefik_router_name"] == "test@docker"
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Port"] == "80"
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 357
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/1.1"
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ClientPort"] == "39496"
 results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["RequestScheme"] == "http"
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["RouterName"] == "test@docker"
 results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ServiceName"] == "test@docker"
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["level"] == "info"
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Host"] == "test.docker.localhost"
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["OriginStatus"] == 200
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["RequestPort"] == "-"
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["origin_Content-Length"] == "357"
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["request_X-Real-Ip"] == "172.17.0.1"
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["time"] == "2021-12-08T14:02:43Z"
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ClientAddr"] == "172.17.0.1:39496"
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["StartLocal"] == "2021-12-08T14:02:43.587782192Z"
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["StartUTC"] == "2021-12-08T14:02:43.587782192Z"
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["downstream_Date"] == "Wed, 08 Dec 2021 14:02:43 GMT"
 results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ClientHost"] == "172.17.0.1"
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 357
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["OriginDuration"] == 324669
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["RequestCount"] == 190
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["RequestMethod"] == "GET"
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ServiceAddr"] == "172.17.0.3:80"
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["origin_Date"] == "Wed, 08 Dec 2021 14:02:43 GMT"
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ClientPort"] == "39496"
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["Overhead"] == 32644
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["RequestPort"] == "-"
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["ForceQuery"] == false
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["Fragment"] == ""
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["Host"] == "172.17.0.3:80"
 results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["Opaque"] == ""
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawPath"] == ""
 results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["Path"] == ""
 results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawFragment"] == ""
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawPath"] == ""
 results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawQuery"] == ""
 results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["Scheme"] == "http"
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["ForceQuery"] == false
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["Fragment"] == ""
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["Host"] == "172.17.0.3:80"
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Proto"] == "http"
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["msg"] == ""
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["origin_Content-Type"] == "text/plain; charset=utf-8"
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["origin_Date"] == "Wed, 08 Dec 2021 14:02:43 GMT"
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["request_Connection"] == "Keep-Alive"
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Host"] == "test.docker.localhost"
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 357
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0
 results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Server"] == "8f4adf27f2ad"
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["request_X-Real-Ip"] == "172.17.0.1"
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["downstream_Content-Length"] == "357"
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["OriginStatus"] == 200
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["RequestHost"] == "test.docker.localhost"
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["downstream_Content-Type"] == "text/plain; charset=utf-8"
 results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["entryPointName"] == "http"
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Port"] == "80"
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["time"] == "2021-12-08T14:02:43Z"
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 200
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["OriginDuration"] == 324669
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ServiceAddr"] == "172.17.0.3:80"
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Proto"] == "http"
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["RequestAddr"] == "test.docker.localhost"
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["origin_Content-Length"] == "357"
 results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["request_User-Agent"] == "Nikto"
 results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-"
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["RequestAddr"] == "test.docker.localhost"
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["RequestHost"] == "test.docker.localhost"
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["RequestPath"] == "/594VAEoi.save"
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["downstream_Date"] == "Wed, 08 Dec 2021 14:02:43 GMT"
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["downstream_Content-Length"] == "357"
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 200
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["RequestMethod"] == "GET"
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 357
 results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["Duration"] == 357313
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["RouterName"] == "test@docker"
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["StartLocal"] == "2021-12-08T14:02:43.587782192Z"
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["StartUTC"] == "2021-12-08T14:02:43.587782192Z"
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["downstream_Content-Type"] == "text/plain; charset=utf-8"
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["msg"] == ""
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["origin_Content-Type"] == "text/plain; charset=utf-8"
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["request_Connection"] == "Keep-Alive"
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["Overhead"] == 32644
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["RequestCount"] == 190
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["RequestPath"] == "/594VAEoi.save"
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/1.1"
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["level"] == "info"
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ClientAddr"] == "172.17.0.1:39496"
 results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Whitelisted == false
 results["s01-parse"]["crowdsecurity/traefik-logs"][1].Success == true
 results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Parsed["body_bytes_sent"] == "358"
@@ -153,58 +153,58 @@ results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Meta["service"] == "ht
 results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Meta["source_ip"] == "172.17.0.1"
 results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Meta["target_fqdn"] == "test.docker.localhost"
 results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Meta["traefik_router_name"] == "test@docker"
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["RouterName"] == "test@docker"
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ClientAddr"] == "172.17.0.1:39496"
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["Duration"] == 564849
 results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 358
 results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["Overhead"] == 25232
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["RequestAddr"] == "test.docker.localhost"
 results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["RequestHost"] == "test.docker.localhost"
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["RequestPort"] == "-"
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0
 results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["downstream_Content-Type"] == "text/plain; charset=utf-8"
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["downstream_Date"] == "Wed, 08 Dec 2021 14:02:43 GMT"
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["origin_Date"] == "Wed, 08 Dec 2021 14:02:43 GMT"
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["RouterName"] == "test@docker"
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["msg"] == ""
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ClientPort"] == "39496"
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["OriginDuration"] == 539617
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["level"] == "info"
 results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["origin_Content-Length"] == "358"
 results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Host"] == "test.docker.localhost"
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Proto"] == "http"
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["request_X-Real-Ip"] == "172.17.0.1"
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-"
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["RequestPath"] == "/594VAEoi.local"
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/1.1"
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ServiceName"] == "test@docker"
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["request_Connection"] == "Keep-Alive"
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Server"] == "8f4adf27f2ad"
 results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["time"] == "2021-12-08T14:02:43Z"
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ClientAddr"] == "172.17.0.1:39496"
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["OriginStatus"] == 200
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0
 results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["RequestCount"] == 191
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["RequestMethod"] == "GET"
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ServiceAddr"] == "172.17.0.3:80"
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Port"] == "80"
 results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 358
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Server"] == "8f4adf27f2ad"
 results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 200
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["OriginDuration"] == 539617
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["Fragment"] == ""
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["Host"] == "172.17.0.3:80"
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["RequestScheme"] == "http"
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ServiceAddr"] == "172.17.0.3:80"
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["entryPointName"] == "http"
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["origin_Date"] == "Wed, 08 Dec 2021 14:02:43 GMT"
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["RequestAddr"] == "test.docker.localhost"
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/1.1"
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["downstream_Content-Length"] == "358"
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Proto"] == "http"
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["StartLocal"] == "2021-12-08T14:02:43.589545005Z"
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ClientHost"] == "172.17.0.1"
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["OriginStatus"] == 200
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["downstream_Date"] == "Wed, 08 Dec 2021 14:02:43 GMT"
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["request_Connection"] == "Keep-Alive"
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["request_X-Real-Ip"] == "172.17.0.1"
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["StartUTC"] == "2021-12-08T14:02:43.589545005Z"
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["msg"] == ""
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Port"] == "80"
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["RequestMethod"] == "GET"
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ServiceName"] == "test@docker"
 results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["Opaque"] == ""
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["Scheme"] == "http"
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["Host"] == "172.17.0.3:80"
 results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["Path"] == ""
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawPath"] == ""
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["ForceQuery"] == false
 results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawFragment"] == ""
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawPath"] == ""
 results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawQuery"] == ""
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["Scheme"] == "http"
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["downstream_Content-Length"] == "358"
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["ForceQuery"] == false
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["Fragment"] == ""
 results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["origin_Content-Type"] == "text/plain; charset=utf-8"
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ClientHost"] == "172.17.0.1"
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ClientPort"] == "39496"
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["Duration"] == 564849
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["StartLocal"] == "2021-12-08T14:02:43.589545005Z"
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["level"] == "info"
 results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["request_User-Agent"] == "Nikto"
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["StartUTC"] == "2021-12-08T14:02:43.589545005Z"
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["RequestScheme"] == "http"
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["entryPointName"] == "http"
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-"
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["RequestPath"] == "/594VAEoi.local"
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["RequestPort"] == "-"
 results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Whitelisted == false
 results["s01-parse"]["crowdsecurity/traefik-logs"][2].Success == true
 results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Parsed["body_bytes_sent"] == "364"
@@ -237,37 +237,37 @@ results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Meta["traefik_router_n
 results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Meta["traefik_router_name_intermediate"] == "intermediate1@file -> intermediate2@file"
 results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Meta["traefik_router_name_leaf"] == "leaf@file"
 results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Meta["traefik_router_name_root"] == "root@file"
+results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["StartUTC"] == "2026-01-08T14:19:15.980170592Z"
 results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["ClientAddr"] == "192.168.65.1:29366"
-results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["ClientHost"] == "192.168.65.1"
-results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["Overhead"] == 66084
+FloatApproxEqual(results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["Duration"], 2001375.000000)
 results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0
-results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["ServiceURL"] == "http://whoami:80"
-results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["StartLocal"] == "2026-01-08T14:19:15.980170592Z"
-results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-"
-results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 364
 results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["RequestCount"] == 1
-results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["entryPointName"] == "web"
+results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["time"] == "2026-01-08T14:19:15Z"
+results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["RequestAddr"] == "whoami.localhost"
+results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["RequestHost"] == "whoami.localhost"
+results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["RouterName"] == "root@file -> intermediate1@file -> intermediate2@file -> leaf@file"
+results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 200
+results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 364
+results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["RequestPath"] == "/"
+results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["level"] == "info"
+results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["OriginStatus"] == 200
+results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["Overhead"] == 66084
 results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["ClientPort"] == "29366"
+results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/1.1"
+results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["StartLocal"] == "2026-01-08T14:19:15.980170592Z"
+results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["entryPointName"] == "web"
+results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["ClientHost"] == "192.168.65.1"
+results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-"
 results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 364
 FloatApproxEqual(results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["OriginDuration"], 1935291.000000)
-results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["RequestHost"] == "whoami.localhost"
-results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["RequestScheme"] == "http"
-results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["ServiceAddr"] == "whoami:80"
-results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["ServiceName"] == "whoami@file"
-results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["StartUTC"] == "2026-01-08T14:19:15.980170592Z"
-results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["level"] == "info"
-results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["RequestAddr"] == "whoami.localhost"
+results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["RequestMethod"] == "GET"
 results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["RequestPort"] == "-"
+results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["ServiceName"] == "whoami@file"
+results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["ServiceURL"] == "http://whoami:80"
 results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0
-results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["RouterName"] == "root@file -> intermediate1@file -> intermediate2@file -> leaf@file"
-FloatApproxEqual(results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["Duration"], 2001375.000000)
-results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["RequestPath"] == "/"
-results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["RequestMethod"] == "GET"
 results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["msg"] == ""
-results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 200
-results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["OriginStatus"] == 200
-results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/1.1"
-results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["time"] == "2026-01-08T14:19:15Z"
+results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["RequestScheme"] == "http"
+results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["ServiceAddr"] == "whoami:80"
 results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Whitelisted == false
 results["s01-parse"]["crowdsecurity/traefik-logs"][3].Success == true
 results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Parsed["body_bytes_sent"] == "364"
@@ -298,37 +298,37 @@ results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Meta["target_fqdn"] ==
 results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Meta["traefik_router_name"] == "parent@file -> child@file"
 results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Meta["traefik_router_name_leaf"] == "child@file"
 results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Meta["traefik_router_name_root"] == "parent@file"
-results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 364
-results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["RequestAddr"] == "api.localhost"
 results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["RequestMethod"] == "POST"
-results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["RequestScheme"] == "http"
-results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0
-results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["ServiceAddr"] == "api:8080"
-results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["StartLocal"] == "2026-01-08T14:20:00.000000000Z"
+results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["RequestPath"] == "/api/data"
 results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["StartUTC"] == "2026-01-08T14:20:00.000000000Z"
-results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["msg"] == ""
-results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0
-results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-"
+results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["entryPointName"] == "web"
+results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["ClientHost"] == "192.168.65.1"
 FloatApproxEqual(results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["Duration"], 1500000.000000)
+results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["ServiceURL"] == "http://api:8080"
+results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["ClientAddr"] == "192.168.65.1:29367"
 results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 364
+results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0
+results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["msg"] == ""
+results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["time"] == "2026-01-08T14:20:00Z"
 results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["OriginStatus"] == 200
 results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["RequestHost"] == "api.localhost"
-results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["ServiceURL"] == "http://api:8080"
-results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 200
-results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["Overhead"] == 50000
-results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["RequestPath"] == "/api/data"
-results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["ServiceName"] == "api@file"
-FloatApproxEqual(results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["OriginDuration"], 1450000.000000)
-results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["time"] == "2026-01-08T14:20:00Z"
-results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["ClientAddr"] == "192.168.65.1:29367"
-results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["RequestPort"] == "-"
-results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/1.1"
 results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["RouterName"] == "parent@file -> child@file"
-results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["entryPointName"] == "web"
-results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["level"] == "info"
+results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["ServiceName"] == "api@file"
+results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["StartLocal"] == "2026-01-08T14:20:00.000000000Z"
+results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 364
+results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["RequestAddr"] == "api.localhost"
 results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["RequestCount"] == 2
-results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["ClientHost"] == "192.168.65.1"
+results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["RequestPort"] == "-"
+results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["RequestScheme"] == "http"
 results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["ClientPort"] == "29367"
+results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-"
+FloatApproxEqual(results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["OriginDuration"], 1450000.000000)
+results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["level"] == "info"
+results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 200
+results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["Overhead"] == 50000
+results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/1.1"
+results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["ServiceAddr"] == "api:8080"
+results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0
 results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Whitelisted == false
 results["s01-parse"]["crowdsecurity/traefik-logs"][4].Success == true
 results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Parsed["body_bytes_sent"] == "19"
@@ -342,7 +342,6 @@ results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Parsed["request_addr"]
 results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Parsed["request_duration_in_ms"] == "10158"
 results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Parsed["status"] == "404"
 results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Parsed["time_local"] == "2026-01-14T10:45:33+01:00"
-results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Parsed["traefik_router_name"] == "-"
 results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Parsed["verb"] == "GET"
 basename(results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Meta["datasource_path"]) == "traefik_json.log"
 results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Meta["datasource_type"] == "file"
@@ -353,37 +352,36 @@ results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Meta["log_type"] == "h
 results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Meta["service"] == "http"
 results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Meta["source_ip"] == "192.168.1.115"
 results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Meta["target_fqdn"] == "admin.mydomain.com"
-results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Meta["traefik_router_name"] == "-"
-results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["OriginStatus"] == 0
-results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["RequestCount"] == 3100
-results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["ClientPort"] == "56446"
-results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-"
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/2.0"
 results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["TLSCipher"] == "TLS_AES_128_GCM_SHA256"
-results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["ClientHost"] == "192.168.1.115"
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["ClientAddr"] == "192.168.1.115:56446"
 results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 404
-results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["RequestHost"] == "admin.mydomain.com"
-results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["RequestMethod"] == "GET"
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["Overhead"] == 10158
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0
 results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["RequestPort"] == "-"
-results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["StartUTC"] == "2026-01-14T09:45:33.759014877Z"
-results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["time"] == "2026-01-14T10:45:33+01:00"
-results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["Duration"] == 10158
-results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["RequestPath"] == "/"
-results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["RequestScheme"] == "https"
-results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["level"] == "info"
-results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["ClientAddr"] == "192.168.1.115:56446"
-results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 19
-results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 0
-results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/2.0"
-results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["TLSVersion"] == "1.3"
 results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0
 results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["entryPointName"] == "https"
-results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["msg"] == ""
-results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["Overhead"] == 10158
-results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["RequestAddr"] == "admin.mydomain.com"
-results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-"
-results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["GzipRatio"] == 0
 results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["OriginDuration"] == 0
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["RequestAddr"] == "admin.mydomain.com"
 results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["StartLocal"] == "2026-01-14T10:45:33.759014877+01:00"
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 19
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["GzipRatio"] == 0
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["RequestPath"] == "/"
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["RequestScheme"] == "https"
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["TLSVersion"] == "1.3"
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["time"] == "2026-01-14T10:45:33+01:00"
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["ClientHost"] == "192.168.1.115"
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["Duration"] == 10158
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["OriginStatus"] == 0
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["RequestHost"] == "admin.mydomain.com"
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["msg"] == ""
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["ClientPort"] == "56446"
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["RequestCount"] == 3100
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["level"] == "info"
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 0
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["RequestMethod"] == "GET"
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["StartUTC"] == "2026-01-14T09:45:33.759014877Z"
 results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Whitelisted == false
 results["s01-parse"]["crowdsecurity/traefik-logs"][5].Success == false
 len(results["s02-enrich"]["crowdsecurity/dateparse-enrich"]) == 5
@@ -417,58 +415,58 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["target_fqdn
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["timestamp"] == "2021-12-08T14:02:43Z"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["traefik_router_name"] == "test@docker"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Enriched["MarshaledTime"] == "2021-12-08T14:02:43Z"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["entryPointName"] == "http"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Host"] == "test.docker.localhost"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["OriginStatus"] == 200
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["downstream_Content-Length"] == "357"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Proto"] == "http"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Server"] == "8f4adf27f2ad"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 200
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["Overhead"] == 32644
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["RequestMethod"] == "GET"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["RequestPort"] == "-"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["origin_Date"] == "Wed, 08 Dec 2021 14:02:43 GMT"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/1.1"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["Path"] == ""
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawPath"] == ""
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["Scheme"] == "http"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["ForceQuery"] == false
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawFragment"] == ""
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawQuery"] == ""
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["Fragment"] == ""
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["Host"] == "172.17.0.3:80"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["Opaque"] == ""
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["request_Connection"] == "Keep-Alive"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Port"] == "80"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["request_X-Real-Ip"] == "172.17.0.1"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ClientPort"] == "39496"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 357
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["RequestAddr"] == "test.docker.localhost"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["RequestCount"] == 190
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["RequestPath"] == "/594VAEoi.save"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ServiceAddr"] == "172.17.0.3:80"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["StartUTC"] == "2021-12-08T14:02:43.587782192Z"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["origin_Content-Length"] == "357"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["RequestHost"] == "test.docker.localhost"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["RouterName"] == "test@docker"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["request_User-Agent"] == "Nikto"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["time"] == "2021-12-08T14:02:43Z"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ClientHost"] == "172.17.0.1"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["StartLocal"] == "2021-12-08T14:02:43.587782192Z"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ClientAddr"] == "172.17.0.1:39496"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 357
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["OriginDuration"] == 324669
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["level"] == "info"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["msg"] == ""
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["origin_Content-Type"] == "text/plain; charset=utf-8"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["Duration"] == 357313
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["OriginDuration"] == 324669
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["RequestAddr"] == "test.docker.localhost"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["RequestScheme"] == "http"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["entryPointName"] == "http"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["level"] == "info"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/1.1"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["StartUTC"] == "2021-12-08T14:02:43.587782192Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["origin_Content-Type"] == "text/plain; charset=utf-8"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Port"] == "80"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Proto"] == "http"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 200
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["Overhead"] == 32644
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["ForceQuery"] == false
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["Fragment"] == ""
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["Host"] == "172.17.0.3:80"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["Opaque"] == ""
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["Path"] == ""
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawPath"] == ""
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawQuery"] == ""
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawFragment"] == ""
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["Scheme"] == "http"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["request_User-Agent"] == "Nikto"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["RequestPath"] == "/594VAEoi.save"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["downstream_Content-Length"] == "357"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["RequestPort"] == "-"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ServiceName"] == "test@docker"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["StartLocal"] == "2021-12-08T14:02:43.587782192Z"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["downstream_Content-Type"] == "text/plain; charset=utf-8"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["msg"] == ""
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["request_Connection"] == "Keep-Alive"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ClientPort"] == "39496"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 357
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 357
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["OriginStatus"] == 200
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["RequestHost"] == "test.docker.localhost"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["RequestMethod"] == "GET"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["origin_Date"] == "Wed, 08 Dec 2021 14:02:43 GMT"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Host"] == "test.docker.localhost"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["RequestCount"] == 190
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["downstream_Date"] == "Wed, 08 Dec 2021 14:02:43 GMT"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["origin_Content-Length"] == "357"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Server"] == "8f4adf27f2ad"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["request_X-Real-Ip"] == "172.17.0.1"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ClientAddr"] == "172.17.0.1:39496"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["RouterName"] == "test@docker"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ServiceAddr"] == "172.17.0.3:80"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Whitelisted == false
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Success == true
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["body_bytes_sent"] == "358"
@@ -500,58 +498,58 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["target_fqdn
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["timestamp"] == "2021-12-08T14:02:43Z"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["traefik_router_name"] == "test@docker"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Enriched["MarshaledTime"] == "2021-12-08T14:02:43Z"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["OriginDuration"] == 539617
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["Overhead"] == 25232
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["RequestPort"] == "-"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["downstream_Content-Type"] == "text/plain; charset=utf-8"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 200
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["RequestAddr"] == "test.docker.localhost"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["RouterName"] == "test@docker"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["downstream_Content-Length"] == "358"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["ServiceAddr"] == "172.17.0.3:80"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["level"] == "info"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["origin_Content-Length"] == "358"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["origin_Content-Type"] == "text/plain; charset=utf-8"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["origin_Date"] == "Wed, 08 Dec 2021 14:02:43 GMT"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Port"] == "80"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["ClientAddr"] == "172.17.0.1:39496"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["entryPointName"] == "http"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Host"] == "test.docker.localhost"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["time"] == "2021-12-08T14:02:43Z"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["ClientHost"] == "172.17.0.1"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["ClientPort"] == "39496"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 358
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["RequestMethod"] == "GET"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/1.1"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["RequestScheme"] == "http"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["level"] == "info"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Proto"] == "http"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 358
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["OriginStatus"] == 200
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["RequestHost"] == "test.docker.localhost"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["ServiceName"] == "test@docker"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["StartUTC"] == "2021-12-08T14:02:43.589545005Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Server"] == "8f4adf27f2ad"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["RequestCount"] == 191
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["RequestPath"] == "/594VAEoi.local"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["StartUTC"] == "2021-12-08T14:02:43.589545005Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["StartLocal"] == "2021-12-08T14:02:43.589545005Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["Duration"] == 564849
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["Overhead"] == 25232
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["downstream_Content-Type"] == "text/plain; charset=utf-8"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["OriginDuration"] == 539617
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["entryPointName"] == "http"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["msg"] == ""
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Host"] == "test.docker.localhost"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["RequestMethod"] == "GET"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Port"] == "80"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["request_X-Real-Ip"] == "172.17.0.1"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["downstream_Date"] == "Wed, 08 Dec 2021 14:02:43 GMT"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 358
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["RequestAddr"] == "test.docker.localhost"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["RequestPort"] == "-"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["downstream_Content-Length"] == "358"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["request_Connection"] == "Keep-Alive"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["request_User-Agent"] == "Nikto"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Server"] == "8f4adf27f2ad"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["time"] == "2021-12-08T14:02:43Z"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["Duration"] == 564849
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["ServiceName"] == "test@docker"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawFragment"] == ""
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawPath"] == ""
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Proto"] == "http"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["ClientAddr"] == "172.17.0.1:39496"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["ClientPort"] == "39496"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 200
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 358
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["RequestHost"] == "test.docker.localhost"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["RouterName"] == "test@docker"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["Host"] == "172.17.0.3:80"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["Opaque"] == ""
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawQuery"] == ""
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["Scheme"] == "http"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["ForceQuery"] == false
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["Fragment"] == ""
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["Opaque"] == ""
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["Path"] == ""
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["StartLocal"] == "2021-12-08T14:02:43.589545005Z"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["origin_Content-Length"] == "358"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["ServiceAddr"] == "172.17.0.3:80"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["RequestCount"] == 191
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/1.1"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawFragment"] == ""
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawPath"] == ""
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawQuery"] == ""
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["Scheme"] == "http"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["downstream_Date"] == "Wed, 08 Dec 2021 14:02:43 GMT"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["OriginStatus"] == 200
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Whitelisted == false
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Success == true
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["body_bytes_sent"] == "364"
@@ -586,37 +584,37 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["traefik_rou
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["traefik_router_name_leaf"] == "leaf@file"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["traefik_router_name_root"] == "root@file"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Enriched["MarshaledTime"] == "2026-01-08T14:19:15Z"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["RequestPath"] == "/"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["RequestPort"] == "-"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["ServiceName"] == "whoami@file"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["level"] == "info"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 364
 FloatApproxEqual(results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["Duration"], 2001375.000000)
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 364
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["OriginStatus"] == 200
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["RequestAddr"] == "whoami.localhost"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["RequestScheme"] == "http"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["entryPointName"] == "web"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["ClientAddr"] == "192.168.65.1:29366"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["Overhead"] == 66084
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["RouterName"] == "root@file -> intermediate1@file -> intermediate2@file -> leaf@file"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["ClientPort"] == "29366"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["ServiceName"] == "whoami@file"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["msg"] == ""
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["ClientAddr"] == "192.168.65.1:29366"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["StartLocal"] == "2026-01-08T14:19:15.980170592Z"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["time"] == "2026-01-08T14:19:15Z"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["ServiceURL"] == "http://whoami:80"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["RequestPath"] == "/"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["RequestPort"] == "-"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["ServiceAddr"] == "whoami:80"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["level"] == "info"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 364
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["Overhead"] == 66084
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["RequestCount"] == 1
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["ClientPort"] == "29366"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 200
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["RequestHost"] == "whoami.localhost"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["ClientHost"] == "192.168.65.1"
 FloatApproxEqual(results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["OriginDuration"], 1935291.000000)
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["RequestAddr"] == "whoami.localhost"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["RequestMethod"] == "GET"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["OriginStatus"] == 200
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["ClientHost"] == "192.168.65.1"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["RequestHost"] == "whoami.localhost"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/1.1"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["RequestScheme"] == "http"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["StartUTC"] == "2026-01-08T14:19:15.980170592Z"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["entryPointName"] == "web"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["RequestCount"] == 1
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["ServiceAddr"] == "whoami:80"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["time"] == "2026-01-08T14:19:15Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["RequestMethod"] == "GET"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Whitelisted == false
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Success == true
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["body_bytes_sent"] == "364"
@@ -650,36 +648,36 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["traefik_rou
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["traefik_router_name_root"] == "parent@file"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Enriched["MarshaledTime"] == "2026-01-08T14:20:00Z"
 FloatApproxEqual(results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["OriginDuration"], 1450000.000000)
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["OriginStatus"] == 200
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["ServiceAddr"] == "api:8080"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["Overhead"] == 50000
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["RequestMethod"] == "POST"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["RequestPort"] == "-"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["RequestScheme"] == "http"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["msg"] == ""
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["ServiceName"] == "api@file"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["ServiceURL"] == "http://api:8080"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["ClientAddr"] == "192.168.65.1:29367"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["ClientHost"] == "192.168.65.1"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["ClientPort"] == "29367"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 200
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["Overhead"] == 50000
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["RequestCount"] == 2
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["RequestPath"] == "/api/data"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["RequestPort"] == "-"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["time"] == "2026-01-08T14:20:00Z"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["RequestMethod"] == "POST"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["ServiceAddr"] == "api:8080"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["StartLocal"] == "2026-01-08T14:20:00.000000000Z"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 364
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["RequestAddr"] == "api.localhost"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/1.1"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["RouterName"] == "parent@file -> child@file"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["StartUTC"] == "2026-01-08T14:20:00.000000000Z"
+FloatApproxEqual(results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["Duration"], 1500000.000000)
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 364
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["ServiceName"] == "api@file"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["RequestAddr"] == "api.localhost"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["StartLocal"] == "2026-01-08T14:20:00.000000000Z"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["level"] == "info"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["msg"] == ""
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/1.1"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["StartUTC"] == "2026-01-08T14:20:00.000000000Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["ClientPort"] == "29367"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["OriginStatus"] == 200
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["RequestCount"] == 2
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["RequestPath"] == "/api/data"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["RequestHost"] == "api.localhost"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["ServiceURL"] == "http://api:8080"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["ClientAddr"] == "192.168.65.1:29367"
-FloatApproxEqual(results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["Duration"], 1500000.000000)
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["entryPointName"] == "web"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["time"] == "2026-01-08T14:20:00Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 364
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Whitelisted == false
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Success == true
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["body_bytes_sent"] == "19"
@@ -693,7 +691,6 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["request_a
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["request_duration_in_ms"] == "10158"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["status"] == "404"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["time_local"] == "2026-01-14T10:45:33+01:00"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["traefik_router_name"] == "-"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["verb"] == "GET"
 basename(results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["datasource_path"]) == "traefik_json.log"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["datasource_type"] == "file"
@@ -705,38 +702,37 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["service"] =
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["source_ip"] == "192.168.1.115"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["target_fqdn"] == "admin.mydomain.com"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["timestamp"] == "2026-01-14T10:45:33+01:00"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["traefik_router_name"] == "-"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Enriched["MarshaledTime"] == "2026-01-14T10:45:33+01:00"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["OriginStatus"] == 0
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["Overhead"] == 10158
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 404
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["Duration"] == 10158
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 0
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["RequestCount"] == 3100
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/2.0"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["msg"] == ""
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["GzipRatio"] == 0
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["OriginDuration"] == 0
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["ClientHost"] == "192.168.1.115"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["RequestHost"] == "admin.mydomain.com"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["StartLocal"] == "2026-01-14T10:45:33.759014877+01:00"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["StartUTC"] == "2026-01-14T09:45:33.759014877Z"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["TLSVersion"] == "1.3"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["level"] == "info"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 19
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 404
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["RequestMethod"] == "GET"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["RequestScheme"] == "https"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["ClientAddr"] == "192.168.1.115:56446"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["RequestCount"] == 3100
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["OriginDuration"] == 0
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["RequestPort"] == "-"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["Overhead"] == 10158
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["RequestAddr"] == "admin.mydomain.com"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["ClientPort"] == "56446"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["Duration"] == 10158
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 19
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["ClientHost"] == "192.168.1.115"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["RequestPath"] == "/"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["time"] == "2026-01-14T10:45:33+01:00"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["TLSCipher"] == "TLS_AES_128_GCM_SHA256"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["level"] == "info"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["GzipRatio"] == 0
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["RequestHost"] == "admin.mydomain.com"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["RequestMethod"] == "GET"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["msg"] == ""
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["ClientPort"] == "56446"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["RequestAddr"] == "admin.mydomain.com"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["RequestScheme"] == "https"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["entryPointName"] == "https"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["time"] == "2026-01-14T10:45:33+01:00"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["StartUTC"] == "2026-01-14T09:45:33.759014877Z"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 0
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Whitelisted == false
 len(results["s02-enrich"]["crowdsecurity/http-logs"]) == 5
 results["s02-enrich"]["crowdsecurity/http-logs"][0].Success == true
@@ -776,58 +772,58 @@ results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Meta["target_fqdn"] == "
 results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Meta["timestamp"] == "2021-12-08T14:02:43Z"
 results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Meta["traefik_router_name"] == "test@docker"
 results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Enriched["MarshaledTime"] == "2021-12-08T14:02:43Z"
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["StartLocal"] == "2021-12-08T14:02:43.587782192Z"
 results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["entryPointName"] == "http"
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["origin_Date"] == "Wed, 08 Dec 2021 14:02:43 GMT"
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["StartUTC"] == "2021-12-08T14:02:43.587782192Z"
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["downstream_Content-Length"] == "357"
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["request_User-Agent"] == "Nikto"
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 200
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["OriginStatus"] == 200
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["origin_Content-Length"] == "357"
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Port"] == "80"
 results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["RequestCount"] == 190
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["RequestPath"] == "/594VAEoi.save"
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["RequestScheme"] == "http"
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ServiceAddr"] == "172.17.0.3:80"
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["level"] == "info"
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ClientPort"] == "39496"
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-"
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["msg"] == ""
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 357
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["Overhead"] == 32644
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["RequestPort"] == "-"
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["RouterName"] == "test@docker"
 results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["downstream_Date"] == "Wed, 08 Dec 2021 14:02:43 GMT"
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["downstream_Content-Type"] == "text/plain; charset=utf-8"
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["origin_Content-Length"] == "357"
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["level"] == "info"
 results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["request_Connection"] == "Keep-Alive"
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Host"] == "test.docker.localhost"
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Port"] == "80"
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["RequestAddr"] == "test.docker.localhost"
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["downstream_Content-Length"] == "357"
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["msg"] == ""
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Server"] == "8f4adf27f2ad"
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ServiceName"] == "test@docker"
 results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 357
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["origin_Content-Type"] == "text/plain; charset=utf-8"
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["origin_Date"] == "Wed, 08 Dec 2021 14:02:43 GMT"
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["request_X-Real-Ip"] == "172.17.0.1"
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["Overhead"] == 32644
 results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["RequestHost"] == "test.docker.localhost"
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["RequestPath"] == "/594VAEoi.save"
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["RouterName"] == "test@docker"
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Proto"] == "http"
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 200
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["OriginStatus"] == 200
 results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["RequestMethod"] == "GET"
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ServiceName"] == "test@docker"
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["Scheme"] == "http"
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["RequestPort"] == "-"
 results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["ForceQuery"] == false
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["Host"] == "172.17.0.3:80"
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["Fragment"] == ""
 results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["Opaque"] == ""
 results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["Path"] == ""
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawFragment"] == ""
 results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawPath"] == ""
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["Fragment"] == ""
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["Scheme"] == "http"
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["Host"] == "172.17.0.3:80"
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawFragment"] == ""
 results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawQuery"] == ""
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["origin_Content-Type"] == "text/plain; charset=utf-8"
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Proto"] == "http"
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Server"] == "8f4adf27f2ad"
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["downstream_Content-Type"] == "text/plain; charset=utf-8"
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ClientHost"] == "172.17.0.1"
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-"
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 357
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["request_User-Agent"] == "Nikto"
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Host"] == "test.docker.localhost"
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ClientAddr"] == "172.17.0.1:39496"
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ClientPort"] == "39496"
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["Duration"] == 357313
 results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["OriginDuration"] == 324669
 results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/1.1"
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["request_X-Real-Ip"] == "172.17.0.1"
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["RequestScheme"] == "http"
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0
 results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["time"] == "2021-12-08T14:02:43Z"
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ClientAddr"] == "172.17.0.1:39496"
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ClientHost"] == "172.17.0.1"
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["Duration"] == 357313
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["RequestAddr"] == "test.docker.localhost"
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ServiceAddr"] == "172.17.0.3:80"
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["StartLocal"] == "2021-12-08T14:02:43.587782192Z"
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["StartUTC"] == "2021-12-08T14:02:43.587782192Z"
 results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Whitelisted == false
 results["s02-enrich"]["crowdsecurity/http-logs"][1].Success == true
 results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Parsed["body_bytes_sent"] == "358"
@@ -866,58 +862,58 @@ results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Meta["target_fqdn"] == "
 results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Meta["timestamp"] == "2021-12-08T14:02:43Z"
 results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Meta["traefik_router_name"] == "test@docker"
 results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Enriched["MarshaledTime"] == "2021-12-08T14:02:43Z"
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["OriginDuration"] == 539617
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["RequestScheme"] == "http"
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["ServiceName"] == "test@docker"
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["StartLocal"] == "2021-12-08T14:02:43.589545005Z"
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["downstream_Content-Length"] == "358"
 results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["entryPointName"] == "http"
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Host"] == "test.docker.localhost"
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["ClientPort"] == "39496"
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["level"] == "info"
 results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["msg"] == ""
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["request_X-Real-Ip"] == "172.17.0.1"
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["RequestCount"] == 191
 results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["ClientAddr"] == "172.17.0.1:39496"
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["ClientHost"] == "172.17.0.1"
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["request_User-Agent"] == "Nikto"
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Proto"] == "http"
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["RequestAddr"] == "test.docker.localhost"
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["StartUTC"] == "2021-12-08T14:02:43.589545005Z"
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["downstream_Content-Type"] == "text/plain; charset=utf-8"
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["origin_Content-Length"] == "358"
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["time"] == "2021-12-08T14:02:43Z"
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["downstream_Content-Length"] == "358"
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["origin_Date"] == "Wed, 08 Dec 2021 14:02:43 GMT"
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["ClientPort"] == "39496"
 results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["RequestHost"] == "test.docker.localhost"
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["Path"] == ""
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["ServiceAddr"] == "172.17.0.3:80"
 results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawFragment"] == ""
 results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["Scheme"] == "http"
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["ForceQuery"] == false
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["Host"] == "172.17.0.3:80"
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["Opaque"] == ""
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["Path"] == ""
 results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawPath"] == ""
 results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawQuery"] == ""
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["ForceQuery"] == false
 results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["Fragment"] == ""
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["Opaque"] == ""
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["downstream_Content-Type"] == "text/plain; charset=utf-8"
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["downstream_Date"] == "Wed, 08 Dec 2021 14:02:43 GMT"
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["Host"] == "172.17.0.3:80"
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["StartLocal"] == "2021-12-08T14:02:43.589545005Z"
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Port"] == "80"
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/1.1"
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["RequestScheme"] == "http"
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["ServiceName"] == "test@docker"
 results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["Duration"] == 564849
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["OriginDuration"] == 539617
 results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["OriginStatus"] == 200
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["RequestPort"] == "-"
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["ServiceAddr"] == "172.17.0.3:80"
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["RequestMethod"] == "GET"
 results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["origin_Content-Type"] == "text/plain; charset=utf-8"
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["origin_Date"] == "Wed, 08 Dec 2021 14:02:43 GMT"
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Server"] == "8f4adf27f2ad"
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["request_X-Real-Ip"] == "172.17.0.1"
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 358
 results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 200
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/1.1"
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["origin_Content-Length"] == "358"
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Port"] == "80"
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["time"] == "2021-12-08T14:02:43Z"
 results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 358
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["RequestCount"] == 191
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["RequestPath"] == "/594VAEoi.local"
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["Overhead"] == 25232
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["RequestPort"] == "-"
 results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["request_Connection"] == "Keep-Alive"
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["request_User-Agent"] == "Nikto"
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Proto"] == "http"
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["ClientHost"] == "172.17.0.1"
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Host"] == "test.docker.localhost"
 results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-"
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["RequestMethod"] == "GET"
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 358
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["RequestPath"] == "/594VAEoi.local"
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["downstream_Date"] == "Wed, 08 Dec 2021 14:02:43 GMT"
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["level"] == "info"
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Server"] == "8f4adf27f2ad"
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0
 results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["RouterName"] == "test@docker"
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["Overhead"] == 25232
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["RequestAddr"] == "test.docker.localhost"
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["StartUTC"] == "2021-12-08T14:02:43.589545005Z"
 results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Whitelisted == false
 results["s02-enrich"]["crowdsecurity/http-logs"][2].Success == true
 results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Parsed["body_bytes_sent"] == "364"
@@ -956,37 +952,37 @@ results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Meta["traefik_router_nam
 results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Meta["traefik_router_name_leaf"] == "leaf@file"
 results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Meta["traefik_router_name_root"] == "root@file"
 results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Enriched["MarshaledTime"] == "2026-01-08T14:19:15Z"
-results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["ClientAddr"] == "192.168.65.1:29366"
-results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 200
-results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0
-results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["ServiceURL"] == "http://whoami:80"
-results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["ClientPort"] == "29366"
-FloatApproxEqual(results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["Duration"], 2001375.000000)
-results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-"
 results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["OriginStatus"] == 200
-results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["RequestMethod"] == "GET"
-results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["RequestPath"] == "/"
-results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["ServiceName"] == "whoami@file"
-results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["level"] == "info"
-results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["time"] == "2026-01-08T14:19:15Z"
-results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["RouterName"] == "root@file -> intermediate1@file -> intermediate2@file -> leaf@file"
+results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["RequestCount"] == 1
+results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["RequestScheme"] == "http"
 results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["ServiceAddr"] == "whoami:80"
-results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["entryPointName"] == "web"
-results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 364
+results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["ServiceName"] == "whoami@file"
+FloatApproxEqual(results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["OriginDuration"], 1935291.000000)
 results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0
+results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["RequestMethod"] == "GET"
+results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["level"] == "info"
+results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["ClientPort"] == "29366"
+results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 200
 results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/1.1"
-results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 364
+results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0
 results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["StartUTC"] == "2026-01-08T14:19:15.980170592Z"
-results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["StartLocal"] == "2026-01-08T14:19:15.980170592Z"
+results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["time"] == "2026-01-08T14:19:15Z"
 results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["ClientHost"] == "192.168.65.1"
-results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["RequestPort"] == "-"
-results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["RequestScheme"] == "http"
-results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["msg"] == ""
-FloatApproxEqual(results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["OriginDuration"], 1935291.000000)
 results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["Overhead"] == 66084
-results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["RequestAddr"] == "whoami.localhost"
-results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["RequestCount"] == 1
+results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["msg"] == ""
+results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["ServiceURL"] == "http://whoami:80"
+FloatApproxEqual(results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["Duration"], 2001375.000000)
 results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["RequestHost"] == "whoami.localhost"
+results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["RequestPath"] == "/"
+results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["RouterName"] == "root@file -> intermediate1@file -> intermediate2@file -> leaf@file"
+results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["StartLocal"] == "2026-01-08T14:19:15.980170592Z"
+results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["RequestAddr"] == "whoami.localhost"
+results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["ClientAddr"] == "192.168.65.1:29366"
+results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 364
+results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["RequestPort"] == "-"
+results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["entryPointName"] == "web"
+results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-"
+results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 364
 results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Whitelisted == false
 results["s02-enrich"]["crowdsecurity/http-logs"][3].Success == true
 results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Parsed["body_bytes_sent"] == "364"
@@ -1025,37 +1021,37 @@ results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Meta["traefik_router_nam
 results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Meta["traefik_router_name_leaf"] == "child@file"
 results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Meta["traefik_router_name_root"] == "parent@file"
 results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Enriched["MarshaledTime"] == "2026-01-08T14:20:00Z"
-results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 200
-results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["Overhead"] == 50000
-results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["RequestHost"] == "api.localhost"
 results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["RequestPath"] == "/api/data"
-results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["RequestMethod"] == "POST"
-results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["RouterName"] == "parent@file -> child@file"
-results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0
-results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["StartUTC"] == "2026-01-08T14:20:00.000000000Z"
-results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["level"] == "info"
+results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["RequestScheme"] == "http"
 results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["msg"] == ""
+results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-"
 FloatApproxEqual(results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["Duration"], 1500000.000000)
-results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["RequestAddr"] == "api.localhost"
-results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["RequestPort"] == "-"
-results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["time"] == "2026-01-08T14:20:00Z"
-results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["ClientPort"] == "29367"
+results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0
+results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["StartLocal"] == "2026-01-08T14:20:00.000000000Z"
+results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["ClientHost"] == "192.168.65.1"
+results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["RequestMethod"] == "POST"
 results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0
 results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["ServiceName"] == "api@file"
-results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["RequestScheme"] == "http"
-results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["ServiceURL"] == "http://api:8080"
-results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["entryPointName"] == "web"
-results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["ClientAddr"] == "192.168.65.1:29367"
-results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-"
-results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 364
+results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["time"] == "2026-01-08T14:20:00Z"
+results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 200
 results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 364
+results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["RequestHost"] == "api.localhost"
+results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 364
+results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["StartUTC"] == "2026-01-08T14:20:00.000000000Z"
+results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["entryPointName"] == "web"
+results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["level"] == "info"
+results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["RouterName"] == "parent@file -> child@file"
+results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["ServiceAddr"] == "api:8080"
+results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["ServiceURL"] == "http://api:8080"
 FloatApproxEqual(results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["OriginDuration"], 1450000.000000)
+results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["OriginStatus"] == 200
 results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["RequestCount"] == 2
+results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["RequestPort"] == "-"
 results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/1.1"
-results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["ClientHost"] == "192.168.65.1"
-results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["OriginStatus"] == 200
-results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["ServiceAddr"] == "api:8080"
-results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["StartLocal"] == "2026-01-08T14:20:00.000000000Z"
+results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["ClientAddr"] == "192.168.65.1:29367"
+results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["ClientPort"] == "29367"
+results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["Overhead"] == 50000
+results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["RequestAddr"] == "api.localhost"
 results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Whitelisted == false
 results["s02-enrich"]["crowdsecurity/http-logs"][4].Success == true
 results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Parsed["body_bytes_sent"] == "19"
@@ -1072,7 +1068,6 @@ results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Parsed["request_duration
 results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Parsed["static_ressource"] == "false"
 results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Parsed["status"] == "404"
 results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Parsed["time_local"] == "2026-01-14T10:45:33+01:00"
-results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Parsed["traefik_router_name"] == "-"
 results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Parsed["verb"] == "GET"
 basename(results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Meta["datasource_path"]) == "traefik_json.log"
 results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Meta["datasource_type"] == "file"
@@ -1085,37 +1080,36 @@ results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Meta["service"] == "http
 results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Meta["source_ip"] == "192.168.1.115"
 results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Meta["target_fqdn"] == "admin.mydomain.com"
 results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Meta["timestamp"] == "2026-01-14T10:45:33+01:00"
-results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Meta["traefik_router_name"] == "-"
 results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Enriched["MarshaledTime"] == "2026-01-14T10:45:33+01:00"
-results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["RequestAddr"] == "admin.mydomain.com"
-results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/2.0"
-results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["Duration"] == 10158
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["RequestHost"] == "admin.mydomain.com"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["StartLocal"] == "2026-01-14T10:45:33.759014877+01:00"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["ClientHost"] == "192.168.1.115"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 404
 results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["OriginStatus"] == 0
-results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["RequestPath"] == "/"
-results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["StartUTC"] == "2026-01-14T09:45:33.759014877Z"
-results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["TLSCipher"] == "TLS_AES_128_GCM_SHA256"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["TLSVersion"] == "1.3"
 results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["msg"] == ""
-results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["ClientPort"] == "56446"
-results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 404
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["ClientAddr"] == "192.168.1.115:56446"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 19
 results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["RequestPort"] == "-"
-results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["time"] == "2026-01-14T10:45:33+01:00"
-results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["ClientHost"] == "192.168.1.115"
-results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/2.0"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["Overhead"] == 10158
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["RequestPath"] == "/"
 results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["entryPointName"] == "https"
-results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["ClientAddr"] == "192.168.1.115:56446"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["time"] == "2026-01-14T10:45:33+01:00"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["level"] == "info"
 results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-"
-results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["GzipRatio"] == 0
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 0
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0
 results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["RequestScheme"] == "https"
-results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0
-results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["level"] == "info"
-results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["OriginDuration"] == 0
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["GzipRatio"] == 0
 results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["RequestCount"] == 3100
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["StartUTC"] == "2026-01-14T09:45:33.759014877Z"
 results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["RequestMethod"] == "GET"
-results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["StartLocal"] == "2026-01-14T10:45:33.759014877+01:00"
-results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["TLSVersion"] == "1.3"
-results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 19
-results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 0
-results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["RequestHost"] == "admin.mydomain.com"
-results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["Overhead"] == 10158
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["ClientPort"] == "56446"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["RequestAddr"] == "admin.mydomain.com"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["TLSCipher"] == "TLS_AES_128_GCM_SHA256"
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["Duration"] == 10158
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["OriginDuration"] == 0
 results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Whitelisted == false
 len(results["success"][""]) == 0
diff --git a/parsers/s01-parse/crowdsecurity/traefik-logs.yaml b/parsers/s01-parse/crowdsecurity/traefik-logs.yaml
index 0ae0026e362..4b86766239f 100644
--- a/parsers/s01-parse/crowdsecurity/traefik-logs.yaml
+++ b/parsers/s01-parse/crowdsecurity/traefik-logs.yaml
@@ -23,19 +23,11 @@ nodes:
   ## JSON parser - extract fields and store full router chain in traefik_router_name (backwards compatible)
   # We must use evt.Parsed.message to make sure we respect s00 stage
   - filter: TrimSpace(evt.Parsed.message) startsWith "{" && UnmarshalJSON(evt.Parsed.message, evt.Unmarshaled, "traefik") in ["", nil]
-    ## keep onsuccess here for nodes
-    onsuccess: next_stage
     nodes:
-      ## we need to set traefik_router_name to "-" if RouterName is nil to forward to s02-enrich or else parsing fails
-      - filter: evt.Unmarshaled.traefik.RouterName == nil
-        statics:
-          - parsed: traefik_router_name
-            value: "-"
       ## Parse root, intermediate (if any), and leaf routers from full router chain
-      - filter: evt.Unmarshaled.traefik.RouterName != nil
-        grok:
-          pattern: '^%{TRAEFIK_ROUTER:traefik_router_name_root}(?: -> (?:%{DATA:traefik_router_intermediate} -> )?%{TRAEFIK_ROUTER:traefik_router_leaf})?$'
-          expression: evt.Unmarshaled.traefik.RouterName
+      - grok:
+          pattern: '^%{TRAEFIK_ROUTER:traefik_router_name_root}?(?: -> (?:%{DATA:traefik_router_intermediate} -> )?%{TRAEFIK_ROUTER:traefik_router_leaf})?$'
+          expression: "evt.Unmarshaled.traefik.RouterName ?? ''"
     statics:
       - parsed: remote_addr
         expression: evt.Unmarshaled.traefik.ClientHost

From d92288979f54365a8a24348de78ba21c70720187 Mon Sep 17 00:00:00 2001
From: Laurence <laurence.jones@live.co.uk>
Date: Thu, 15 Jan 2026 09:03:58 +0000
Subject: [PATCH 5/5] refactor: make static less complex

---
 parsers/s01-parse/crowdsecurity/traefik-logs.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/parsers/s01-parse/crowdsecurity/traefik-logs.yaml b/parsers/s01-parse/crowdsecurity/traefik-logs.yaml
index 4b86766239f..b2093930927 100644
--- a/parsers/s01-parse/crowdsecurity/traefik-logs.yaml
+++ b/parsers/s01-parse/crowdsecurity/traefik-logs.yaml
@@ -48,7 +48,7 @@ nodes:
         expression: int(evt.Unmarshaled.traefik.Duration)
       - parsed: traefik_router_name
         ## Full router chain (backwards compatible)
-        expression: "evt.Unmarshaled.traefik.RouterName != nil ? evt.Unmarshaled.traefik.RouterName : ''"
+        expression: "evt.Unmarshaled.traefik.RouterName ?? ''"
       - parsed: time_local
         expression: evt.Unmarshaled.traefik.time
       - parsed: verb