Suricata Rules HTTP Header not working

Here is my rules:
alert http any any -> any any (msg:"TEST"; http.method; content:"POST"; http.uri; content:"/test"; http.header; content:"Transfer-Encoding|3a 20|chunked, chunked"; fast_pattern; sid:10000000;)
I tried with Request bellow but Suricata does not throw Alert, some one can help me. Thanks

What is your (traffic) input? Are you feeding a PCAP to Suricata? Or are you listening live on the device?

Suricata needs to see full flow from the beginning (unless extra settings are specified), so if you are only investigating on a single packet then that will not work.

This might be related to this issue - Bug #6415: Suricata not populating http.header, http.header.raw and http.request_header buffers when malformed header value exists - Suricata - Open Information Security Foundation

I think, though i’m not 100% sure, but it kinda looks like libhtp is considering anything that isn’t exactly “chunked” (case insensitive) to be invalid.

I try with listening live on the device interface ens33 and sending request via burpsuite but no alrert throw, when i remove http.header the rule was trigger