It would be useful if tomcat-access log entries identified the user that made the request. It is currently possible to do so manually, in a somewhat crude manner:
- For the log entry in question, find the "user:some-long-code" value in the BbRouter cookie.
- Search on that value to find all tomcat-access entries associated with that user.
- Find a request such as "GET /learn/api/v1/users/_<x>_1/memberships", then you know that the user ID is <x>.
- Search kibana with duid=<x>, and look at the value of the duser field to get the username.
- Reverse this process to find all tomcat-access entries for a given username (or use REST to get the uuid of the user you're interested in).
It would be nice if the Kibana pipeline could do this for us, and associate a duid/duser with every tomcat-access log entry, so that we could search on duser:<y> to find all page accesses for a user. Notably, this includes quite a bit more information than the activity_accumulator.
Presumably Kibana can pull in the BbRouter cookie's user value directly from the users DB table, since it's just the uuid there.
|Product Version (if applicable):||1|