Field list

<< Click to Display Table of Contents >>

Navigation:  Reference > Advanced >

Field list

You will find hereafter a reference of all fields that will appear in the displayed HTTP logs. Of course, this doesn't include custom fields that you can configure by yourself to be extracted from the logs.

 

List of fields in IIS W3C logs.

 

Display name

Field name

W3C field name

Visible

Description

Date

 

date

No

The date when the web request took place

Time

 

time

No

The time of the day when the web request took place

Site Name

SiteName

s-sitename

Yes

The IIS web site name

Server IP Address

ServerIP

s-ip

No

The server IP address

Method

Method

cs-method

Yes

The HTTP request method: GET, POST...

URL path

UrlPath

cs-uri-stem

Yes

The path of the requested URL
http://www.domain.com/Folder/Page/?variable=content
The Tree mode is available for this field.

URL Query

UrlQuery

cs-uri-query

Yes

The query of the requested URL
http://www.domain.com/Folder/Page/?variable=content

Server Port

Port

s-port

Yes

The port used to contact the web server. Usually 80 for http and 443 for https

User Name

UserName

cs-username

Yes

The account name if the interned user is authenticated on the web site

Client IP Address

ClientIP

c-ip

Yes

IP address of the client web browser

User Agent

UserAgent

cs(User-Agent)

Yes

String sent by the browser allowing to determine the type and version of the browser and the operating system on which the web browser is running

Cookie

Cookie

cs(Cookie)

Yes

Cookies exchanged between the web server and the browser

Referer

Referer

cs(Referer)

Yes

The URL of the web page from which the current page was requested

Protocol Status

Status

sc-status

Yes

The HTTP status code 200, 404, 301, 500 ...
List of HTTP status codes
Or the FTP status code for IIS FTP sites (When the x-session field is available)
List of FTP status codes

Protocol Sub-status

SubStatus

sc-substatus

Yes

The HTTP sub status code. You will get IIS sub status codes at the following link:

The HTTP status code in IIS

Win32 Status

Win32Status

sc-win32-status

Yes

The Windows error code associated to the error status

Time Taken

TimeTaken

time-taken

Yes

The time taken by the request to execute on the server in milliseconds

Bytes Sent

BytesSent

sc-bytes

Yes

The number of bytes sent by the browser to the web server

Bytes Received

BytesReceived

cs-bytes

Yes

The number of bytes downloaded by the browser from the server

Protocol Version

ProtocolVersion

cs-version

Yes

The protocol version (HTTP or FTP) that the client used.

Host

Host

cs-host

Yes

The address of the web site

http://www.domain.com/Folder/Page/?variable=content

FTP Session

FtpSession

x-session

Yes

FTP session number. The presence of this field is triggering the FTP mode (The status code is interpreted as FTP status instead of as a HTTP status).

FTP Path

FtpPath

x-fullpath

Yes

Full path of the accessed file on the FTP site relatively to the root FTP folder.
The Tree mode is available for this field.

 

Reference:

https://technet.microsoft.com/en-us/library/cc754702(v=ws.10).aspx

 

List of Fields available in Apache access logs

 

The common log format contains the following fields:

ClientIP, UserName, Status, BytesSent, Method, UrlPath, UrlQuery, ProtocolVersion

 

The combined log format adds the two following fields:

Referer, UserAgent

 

And if you follow instructions in the blog post Configure Apache access logs on Ubuntu server you can add the fields TimeTaken, Port and Host.

 

Extracted fields

 

List of fields optionally added by the HttpLogBrowser if corresponding settings are selected in the Analysis settings.

 

Display name

Field name

Description

Event Type

EventType

Determined by the Status field: Success 2xx, Redirection 3xx, Client error 4xx, Server error 5xx

Event time

EventTime

Date and time of the web request (Date + Time)

Day of week

DayOfWeek

Day number in the week. Value between 0 and 6. 0 is the first day in the week (Sunday or Monday depending on the regional settings).

Hour of day

HourOfDay

Hour in the day. Integer value between 0 and 23.

Browser Family

BrowserFamily

Browser family (e.g. Firefox, Chrome, IE ...)

Browser

Browser

Browser with version (e.g. Firefox 47.0, Chrome 56.0.2924, IE 11.0, ...)

OS Family

OSFamily

Family of the OS (e.g. Windows, OSX, ...)

OS

OS

OS with version number

Device

Device

The kind of device the web browser is running on. Will be Other for a desktop browser and the phone model for smart phones. For crawlers it will be Spider.

ASP Session Id

ASPSessionId

If the web server uses ASP.NET sessions, the ID of the session extracted from the cs(Cookie) field

PHP Session Id

PHPSessionId

If the web server uses PHP sessions, the ID of the session extracted from the cs(Cookie) field

Referer Site

RefererSite

The referer web site extracted from the field cs(Referer)

Referer Path

RefererPath

The path of the referer URL extracted from the field cs(Referer)

Referer Query

RefererQuery

The query from the referer URL extracted from the field cs(Referer)

Log Name

LogName

The name of the folder containing the log files in Root folder or All sites mode (e.g. W3SVC1, W3SVC2, ...).

Logical Path

LogicalPath

Combination of the SiteName and UrlPath fields for the All sites mode or combination of the LogName and the UrlPath fields for the the Root folder mode.
The Tree mode is available for this field.

Url

Url

The UrlPath and UrlQuery fields combined.
UrlPath?UrlQuery

File Extension

FileExtension

The extension of the requested file

Search Keywords

SearchKeywords

The search keywords used on a search engine by a visitor to land on the web site. Extracted from the Referer field.

Ad Keywords

AdKeywords

Keywords from google Ads campaigns

Ad Web Site

AdWebSite

Web site on which a Google Ads was displayed

gclid

gclid

The auto tag tracking number for Google Ads

XArrLogId

XArrLogId

The value of the Azure X-ARR-LOG-ID query variable if the option to remove it from the query was selected.

ActiveSync Command

ActiveSyncCommand

ActiveSync command extracted from the cs-uri-query field for ActiveSync request on an Exchange server

ActiveSync Device Id

ActiveSyncDeviceId

ActiveSync device Id extracted from the cs-uri-query field for ActiveSync request on an Exchange server

ActiveSync Device Type

ActiveSyncDeviceType

ActiveSync device type extracted from the cs-uri-query field for ActiveSync request on an Exchange server