Can you help map creating field extractions? Please use the ES CIM model where possible for field names:
There are some variations in the log files so I included these two that we’re looking at:
2019-09-17 **:**:**.**** [Level: INFO][Server: **********][ServerIP: ::1][ThreadId: 141][RequesterIP:**.***.1.1][Verb:POST][RequestUri:https://***svcv3/authenticationgateway/profile/******/login][Headers:[Connection:Keep-Alive|Content-Length:118|Content-Type:application/json|Accept:*/*|Accept-Language:en-us |User-Agent:iOS **Bank (Version 2.18.0 Build 80329; 12.4.1; en-US; iPhone(iPhone11,2); |X-GDC-DeviceID:BA8BB0C7-2FF8-4C37-B17B-A5F01148D38E|X-GDC-Digest:l2RLaisPFvk6libgtBFQb85Sh17kM5moYGp6ipQ2Su0=|X-GDC-SessionToken:fe9bc5d5-259d-402b-aa35-861e0d260068|X-GDC-Method:2|X-GDC-Timestamp:2019-09-17T22:41:10.009|Originator:FlexClient|X-GDC-Version:1.001|X-GDC-ApplicationID:10043|X-GDC-MessageID:BABBFB13-F781-4FF6-B777-894BAF5CBD8A|RequestId:AEABFB13-F781-4FF6-B777-894BAF5CBD8A|X-Forwarded-For:108.**.233.***, 127.**.242.145, 10.126.**.250|X-Original-URL:/***/auth/**/profile/tokens/login| "AuthenticationLevel":"1","WebUserToken":"354643"}"][TimeTaken:][StatusCode:Created(201)]
2019-09-13 23:**:51.3120 [Level: INFO][Server: *****SVC04][ServerIP: ::1][ThreadId: 58][Response:{ ErrorCode = 10003, ErrorDescription = Unable to process the login request, "Code":30116267
Below are the fields that need to be extracted:
Accept-Language
User-Agent
X-GDC-DeviceID
X-GDC-SessionToken
X-GDC-Method
X-GDC-ApplicationID
X-Forwarded-For
X-Original-URL
AuthenticationLevel
WebUserToken
StatusCode
ErrorCode
ErrorDescription
Code
For X-Forwarded-For, please only capture the first IP address.
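One way to prototype the requested extractions and check them against both log layouts, as an added example that is not part of the original post. The mapping to CIM Web names (`http_user_agent`, `src`, `status`, `uri_path`) is an assumption, the other field names are hypothetical local names, and both sample events are constructed.

```python
import re

# Header name -> output field. CIM Web names where one clearly applies (assumed
# mapping); the remaining names are hypothetical local field names.
HEADER_FIELDS = {
    "Accept-Language": "accept_language",
    "User-Agent": "http_user_agent",   # CIM Web
    "X-GDC-DeviceID": "device_id",
    "X-GDC-SessionToken": "session_token",
    "X-GDC-Method": "gdc_method",
    "X-GDC-ApplicationID": "app_id",
    "X-Original-URL": "uri_path",      # CIM Web
}
# Patterns for values that are not plain "Name:value|" headers.
OTHER_FIELDS = {
    # First X-Forwarded-For entry only. The header is client-supplied: a claim, not proof.
    "src": r'[\[|]X-Forwarded-For:\s*([^,|\s]+)',
    "authentication_level": r'"AuthenticationLevel":"([^"]*)"',
    "web_user_token": r'"WebUserToken":"([^"]*)"',
    "status": r'\[StatusCode:\s*\w*\((\d+)\)\]',  # numeric part of Created(201)
    "error_code": r'\bErrorCode\s*=\s*(\d+)',
    "error_description": r'\bErrorDescription\s*=\s*([^,}\]]+)',
    "code": r'"Code":\s*"?(\d+)',
}

def extract_fields(line):
    """Return a dict of the fields found in one log line; absent fields are omitted."""
    patterns = {f: r'[\[|]' + re.escape(h) + r':\s*([^|]*)' for h, f in HEADER_FIELDS.items()}
    patterns.update(OTHER_FIELDS)
    out = {}
    for field, pattern in patterns.items():
        m = re.search(pattern, line)
        if m and m.group(1).strip():
            out[field] = m.group(1).strip()
    return out

# Constructed sample events modelled on the two layouts in the post.
REQUEST_EVENT = (
    '2019-09-17 22:41:10.0090 [Level: INFO][Server: SVC01][ServerIP: ::1][ThreadId: 141]'
    '[RequesterIP:192.0.2.1][Verb:POST][RequestUri:https://example.test/login][Headers:[Connection:Keep-Alive'
    '|Accept-Language:en-us |User-Agent:iOS ExampleBank (Version 2.18.0; iPhone(iPhone11,2); '
    '|X-GDC-DeviceID:00000000-0000-0000-0000-000000000001|X-GDC-SessionToken:11111111-2222-3333-4444-555555555555'
    '|X-GDC-Method:2|X-GDC-Timestamp:2019-09-17T22:41:10.009|X-GDC-ApplicationID:10043'
    '|X-Forwarded-For:203.0.113.7, 198.51.100.2, 10.0.0.250|X-Original-URL:/auth/profile/tokens/login| '
    '"AuthenticationLevel":"1","WebUserToken":"354643"}"][TimeTaken:][StatusCode:Created(201)]')
RESPONSE_EVENT = (
    '2019-09-13 23:00:51.3120 [Level: INFO][Server: SVC04][ServerIP: ::1][ThreadId: 58]'
    '[Response:{ ErrorCode = 10003, ErrorDescription = Unable to process the login request, "Code":30116267')

if __name__ == "__main__":
    print(extract_fields(REQUEST_EVENT), extract_fields(RESPONSE_EVENT), sep="\n")
```
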