This is how our normal raw event looks --

Feb 7 23:59:32 128.160.82.26 [local0.warning] <132>1 2025-02-07T23:59:32.033309Z AviVantage v-wasphictst-wdc.hc.cloud.uk.sony-443 NILVALUE NILVALUE - {"adf":true,"significant":0,"udf":false,"virtualservice":"virtualservice-e52d1117-b508-4a6d-9fb5-f03ca6319af7","report_timestamp":"2025-02-07T23:59:32.033309Z","service_engine":"GB-DRN-AB-Tier2-se-bmqhk","vcpu_id":0,"log_id":89302,"client_ip":"112.12.53.70","client_src_port":37228,"client_dest_port":443,"client_rtt":1,"request_state":"AVI_HTTP_REQUEST_STATE_SSL_HANDSHAKING","significant_log":["ADF_CLIENT_CONNECTION_CLOSED_BEFORE_REQUEST"],"vs_ip":"128.160.71.101","ocsp_status_resp_sent":true,"max_ingress_latency_fe":0,"avg_ingress_latency_fe":0,"conn_est_time_fe":1,"source_ip":"128.12.53.70","vs_name":"v-wasphictst-wdc.hc.cloud.uk.sony-443","tenant_name":"admin"}

So what we have done is remove the non-JSON part from this by using sedcmd and extract the JSON events by giving kv_mode=json in the SH. Till here it is good.
Formatted log sample -

[-]
    adf: true
    all_request_headers: { [+] }
    all_response_headers: { [+] }
    avg_ingress_latency_fe: 0
    cacheable: true
    client_dest_port: 443
    client_insights:
    client_ip: 112.11.227.250
    client_rtt: 1
    client_src_port: 34057
    compression: NO_COMPRESSION_CAN_BE_COMPRESSED
    compression_percentage: 0
    conn_est_time_fe: 1
    host: wasphictst-wdc.hc.cloud.uk.sony
    http_version: 1.1
    jwt_log: { [+] }
    log_id: 122364
    max_ingress_latency_fe: 0
    method: GET
    report_timestamp: 2025-02-18T16:30:29.084682Z
    request_headers: 577
    request_id: 6vT-vgq1-nSjL
    request_length: 131
    request_state: AVI_HTTP_REQUEST_STATE_READ_CLIENT_REQ_HDR
    response_code: 403
    response_content_type: text/html
    response_headers: 12
    response_length: 4181
    response_time_first_byte: 1
    response_time_last_byte: 1
    service_engine: GB-DRN-AB-Tier2-se-vxeuz
    significant: 0
    significant_log: [ [+] ]
    sni_hostname: wasphictst-wdc.hc.cloud.uk.sony
    source_ip: 128.11.227.250
    ssl_cipher: TLS_AES_256_GCM_SHA384
    ssl_session_id: 5032f265bd7d88f768c096bbbf78d4f2
    ssl_version: TLSv1.3
    tenant_name: admin
    udf: false
    uri_path: /cmd
    user_agent: insomnia/2021.5.3
    vcpu_id: 0
    virtualservice: virtualservice-e52d1117-b508-4a6d-9fb5-f03ca6319af7
    vs_ip: 123.160.71.101
    vs_name: v-wasphictst-wdc.hc.cloud.uk.sony-443
    waf_log: { [+] }
}

We want to re-arrange these fields, that is we have some less information strings at the top and more info fields like (waf_log) at the bottom. How to do this re-arranging part? Checked from the source end and they can't do anything from their side. And one more thing, we want waf_log to be automatically expanded by default, not every time by clicking + and again + + + in this way. Please help me with these two requirements.
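An added example, not part of the original post and not Splunk configuration: a Python sketch of the two steps the post describes, separating the syslog header from the JSON payload and re-serializing the payload with chosen keys pinned to the top or bottom. It assumes the re-ordering is done on the raw text before it is indexed; the function names, the shortened sample event and the `waf_log` contents are constructed for illustration, and the sketch does not address the expand-by-default part of the question.

```python
import json

# Constructed sample: the header format from the post with a shortened payload.
# The waf_log contents are a placeholder, not real Avi fields.
RAW = ('Feb 7 23:59:32 128.160.82.26 [local0.warning] <132>1 '
       '2025-02-07T23:59:32.033309Z AviVantage '
       'v-wasphictst-wdc.hc.cloud.uk.sony-443 NILVALUE NILVALUE - '
       '{"adf":true,"waf_log":{"placeholder":"constructed"},'
       '"significant_log":["ADF_CLIENT_CONNECTION_CLOSED_BEFORE_REQUEST"],'
       '"client_ip":"112.12.53.70","log_id":89302}')


def split_syslog_json(line):
    """Return (header, payload) where payload is the trailing JSON object.

    Tries each '{' in turn, so a stray brace in the header does not
    cause the real payload to be missed.
    """
    decoder = json.JSONDecoder()
    pos = line.find("{")
    while pos != -1:
        try:
            obj, end = decoder.raw_decode(line, pos)
            # Accept only an object that runs to the end of the line.
            if isinstance(obj, dict) and not line[end:].strip():
                return line[:pos].rstrip(), obj
        except json.JSONDecodeError:
            pass
        pos = line.find("{", pos + 1)
    raise ValueError("no trailing JSON object found")


def reorder(event, first=(), last=()):
    """Pin `first` keys to the top and `last` keys to the bottom.

    All other keys keep their original relative order.
    """
    pinned = set(first) | set(last)
    head = {k: event[k] for k in first if k in event}
    rest = {k: v for k, v in event.items() if k not in pinned}
    tail = {k: event[k] for k in last if k in event}
    return {**head, **rest, **tail}


if __name__ == "__main__":
    header, payload = split_syslog_json(RAW)
    # Compact separators match the formatting of the source events.
    print(json.dumps(reorder(payload, last=("waf_log",)), separators=(",", ":")))
```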