From 0fcc6ccb33e9f80b021670a28d9f1a609a167049 Mon Sep 17 00:00:00 2001
From: Joe Gordon <joe.gordon0@gmail.com>
Date: Mon, 10 Mar 2014 18:27:15 -0700
Subject: [PATCH] Remove false positives from query 1240256

Logstash doesn't appear to do exact matching for " 503 " so expand
query.

Change-Id: I83b83020a62cc1d50eb2960c51c0c1bdc751bf57
---
 queries/1240256.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/queries/1240256.yaml b/queries/1240256.yaml
index 42f68b6f..7bbfe04d 100644
--- a/queries/1240256.yaml
+++ b/queries/1240256.yaml
@@ -1,4 +1,4 @@
 query: >
-  message:" 503"
+  message:"HTTP/1.0 503"
   AND filename:"logs/syslog.txt"
   AND syslog_program:"proxy-server"