I had an email from a customer asking the following question.
Could you help me for parser MS IIS logs? Some logs from MS IIS have user.dst field in format «domain\username»
Could you write parser to extract username to filed user.dst and write domain name (like mydomain.com) to domain field if this field present in original user.dst? For example – anonymous don’t have domain prefix. It will be very usefully for our customers on the community.
I'm going to post the answer here once I write the parser!