This article walks through some tips on how to use the Clarity app-access.logs for troubleshooting.
Information below is pulled from: CA Clarity Tuesday Tip: Enhanced App-Access Logs in 12.1.0
The app.access.log formats data in a pipe-delimited manner, which helps in importing these logs into a spreadsheet or database. The format can be useful in finding actions that take a long time to complete (including what may cause general performance issues in the system) as well as tracking what users were doing at a particular time in the application (who or what user ID made a change in the application).
The format is as follows:
10.74.130.152|[08/Jul/2020:11:56:08 -0400]|POST /niku/nu?uitk.vxml=1&action=odf.getObjectList&uitk.session.uuid=7ce479de-74b5-4f42-8df9-87851cebf2e7 HTTP/1.0|200|8677|93|5216040__8B785EC4-F02A-4C2B-BDC2-81F02621C2D2
From the above, we can see from IP address: 10.74.130.152, a Post action for the odf.getObjectList was received by the server. This came from session 5216040 and took 8.677
These logs have the format, app-access-yyyy-mm-dd.log. i.e. app-access-2020-10-18.log
The app-access logs don't show the username in the session, however, you may be able to determine that based on information in the request. You can also use the session token to map back to the user id using the following steps:
For GCP/SaaS environments, we only store 2 days worth of session data, so the session information would have to be caught within the available time frame.
Related Articles where app-access.logs can help: