search cancel

LogAnalytics - apache_access logs, how to search on USERID field


Article ID: 145783


Updated On:


CA App Experience Analytics


Needs to be able to search on USERID field which is in the raw message. - GRIVAS
[24/Jul/2019:14:28:26 +0200] - 80 - GET
/test/docs/img/sist_gest_talleres.gif HTTP/1.1 200 2356 http://test/ermpiescza/
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR
2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0;
.NET4.0C; .NET4.0E; Tablet PC 2.0)..

In this example the GRIVAS is the USERID and is how they get requests from the user community to search the logs.

Can the "auth" field be added to the log_parser.conf body text for apache_access logs ?


AXA 17.3.2


Username i.e "GRIVAS" we are already parsing using pattern COMBINEDAPACHELOG_3 and coming into auth field. 

Add new filed in logparser.conf under apache_access section as below:

"username": "%{auth}"