<< Click to Display Table of Contents >> Navigation: Reference > Advanced > Field list |
You will find hereafter a reference of all fields that will appear in the displayed HTTP logs. Of course, this doesn't include custom fields that you can configure by yourself to be extracted from the logs.
Display name |
Field name |
W3C field name |
Visible |
Description |
---|---|---|---|---|
Date |
|
date |
No |
The date when the web request took place |
Time |
|
time |
No |
The time of the day when the web request took place |
Site Name |
SiteName |
s-sitename |
Yes |
The IIS web site name |
Server IP Address |
ServerIP |
s-ip |
No |
The server IP address |
Method |
Method |
cs-method |
Yes |
The HTTP request method: GET, POST... |
URL path |
UrlPath |
cs-uri-stem |
Yes |
The path of the requested URL |
URL Query |
UrlQuery |
cs-uri-query |
Yes |
The query of the requested URL |
Server Port |
Port |
s-port |
Yes |
The port used to contact the web server. Usually 80 for http and 443 for https |
User Name |
UserName |
cs-username |
Yes |
The account name if the interned user is authenticated on the web site |
Client IP Address |
ClientIP |
c-ip |
Yes |
IP address of the client web browser |
User Agent |
UserAgent |
cs(User-Agent) |
Yes |
String sent by the browser allowing to determine the type and version of the browser and the operating system on which the web browser is running |
Cookie |
Cookie |
cs(Cookie) |
Yes |
Cookies exchanged between the web server and the browser |
Referer |
Referer |
cs(Referer) |
Yes |
The URL of the web page from which the current page was requested |
Protocol Status |
Status |
sc-status |
Yes |
The HTTP status code 200, 404, 301, 500 ... |
Protocol Sub-status |
SubStatus |
sc-substatus |
Yes |
The HTTP sub status code. You will get IIS sub status codes at the following link: |
Win32 Status |
Win32Status |
sc-win32-status |
Yes |
The Windows error code associated to the error status |
Time Taken |
TimeTaken |
time-taken |
Yes |
The time taken by the request to execute on the server in milliseconds |
Bytes Sent |
BytesSent |
sc-bytes |
Yes |
The number of bytes sent by the browser to the web server |
Bytes Received |
BytesReceived |
cs-bytes |
Yes |
The number of bytes downloaded by the browser from the server |
Protocol Version |
ProtocolVersion |
cs-version |
Yes |
The protocol version (HTTP or FTP) that the client used. |
Host |
Host |
cs-host |
Yes |
The address of the web site http://www.domain.com/Folder/Page/?variable=content |
FTP Session |
FtpSession |
x-session |
Yes |
FTP session number. The presence of this field is triggering the FTP mode (The status code is interpreted as FTP status instead of as a HTTP status). |
FTP Path |
FtpPath |
x-fullpath |
Yes |
Full path of the accessed file on the FTP site relatively to the root FTP folder. |
Reference:
https://technet.microsoft.com/en-us/library/cc754702(v=ws.10).aspx
The common log format contains the following fields:
ClientIP, UserName, Status, BytesSent, Method, UrlPath, UrlQuery, ProtocolVersion
The combined log format adds the two following fields:
Referer, UserAgent
And if you follow instructions in the blog post Configure Apache access logs on Ubuntu server you can add the fields TimeTaken, Port and Host.
List of fields optionally added by the HttpLogBrowser if corresponding settings are selected in the Analysis settings.
Display name |
Field name |
Description |
---|---|---|
Event Type |
EventType |
Determined by the Status field: Success 2xx, Redirection 3xx, Client error 4xx, Server error 5xx |
Event time |
EventTime |
Date and time of the web request (Date + Time) |
Day of week |
DayOfWeek |
Day number in the week. Value between 0 and 6. 0 is the first day in the week (Sunday or Monday depending on the regional settings). |
Hour of day |
HourOfDay |
Hour in the day. Integer value between 0 and 23. |
Browser Family |
BrowserFamily |
Browser family (e.g. Firefox, Chrome, IE ...) |
Browser |
Browser |
Browser with version (e.g. Firefox 47.0, Chrome 56.0.2924, IE 11.0, ...) |
OS Family |
OSFamily |
Family of the OS (e.g. Windows, OSX, ...) |
OS |
OS |
OS with version number |
Device |
Device |
The kind of device the web browser is running on. Will be Other for a desktop browser and the phone model for smart phones. For crawlers it will be Spider. |
ASP Session Id |
ASPSessionId |
If the web server uses ASP.NET sessions, the ID of the session extracted from the cs(Cookie) field |
PHP Session Id |
PHPSessionId |
If the web server uses PHP sessions, the ID of the session extracted from the cs(Cookie) field |
Referer Site |
RefererSite |
The referer web site extracted from the field cs(Referer) |
Referer Path |
RefererPath |
The path of the referer URL extracted from the field cs(Referer) |
Referer Query |
RefererQuery |
The query from the referer URL extracted from the field cs(Referer) |
Log Name |
LogName |
The name of the folder containing the log files in Root folder or All sites mode (e.g. W3SVC1, W3SVC2, ...). |
Logical Path |
LogicalPath |
Combination of the SiteName and UrlPath fields for the All sites mode or combination of the LogName and the UrlPath fields for the the Root folder mode. |
Url |
Url |
The UrlPath and UrlQuery fields combined. |
File Extension |
FileExtension |
The extension of the requested file |
Search Keywords |
SearchKeywords |
The search keywords used on a search engine by a visitor to land on the web site. Extracted from the Referer field. |
Ad Keywords |
AdKeywords |
Keywords from google Ads campaigns |
Ad Web Site |
AdWebSite |
Web site on which a Google Ads was displayed |
gclid |
gclid |
The auto tag tracking number for Google Ads |
XArrLogId |
XArrLogId |
The value of the Azure X-ARR-LOG-ID query variable if the option to remove it from the query was selected. |
ActiveSync Command |
ActiveSyncCommand |
ActiveSync command extracted from the cs-uri-query field for ActiveSync request on an Exchange server |
ActiveSync Device Id |
ActiveSyncDeviceId |
ActiveSync device Id extracted from the cs-uri-query field for ActiveSync request on an Exchange server |
ActiveSync Device Type |
ActiveSyncDeviceType |
ActiveSync device type extracted from the cs-uri-query field for ActiveSync request on an Exchange server |