Custom Plugin - Parse with W3C

The fields we need in W3C logs must not contain spaces. A sample field list and a sample log line are given below.

Fields:

datetime,c-ip,cs-username,s-ip,s-port,cs-method,cs-uri-stem,cs-uri-query,sc-status,sc-bytes,cs-bytes,time-taken,cs(User-Agent),cs(Referer)

Log sample:

2024-10-08T16:44:29 192.168.1.1 - 10.0.0.1 80 GET /index.html - 200 1024 512 123 Mozilla/5.0 (Windows NT 10.0; Win64; x64) http://example.com

Once the character that separates the fields listed under Fields has been identified in the log and set as the delimiter, we can start selecting the fields to match.

You may see options other than the methods I have shown here. I recommend reviewing the list.

Then we can select the logs in the classic structure and match the fields.

You can see that there is no Source.UserName information in the log. We still need to select this field: username information that is missing from this log may arrive in another log instance, and you cannot observe it if the field is not selected. Select each field under Fields and create the structure.
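The sketch below is an added example, not Logsign's parser. It shows why values must not contain spaces when the delimiter is a space: the sample line above has a User-Agent with spaces and splits into more tokens than there are fields, while an encoded value splits cleanly and an empty "-" value keeps its field. The names parse_w3c and FieldCountError and the second log line are assumptions made for the illustration.

```python
# Added example: space-delimited W3C parsing with a field-count check.
FIELDS = ("datetime,c-ip,cs-username,s-ip,s-port,cs-method,cs-uri-stem,"
          "cs-uri-query,sc-status,sc-bytes,cs-bytes,time-taken,"
          "cs(User-Agent),cs(Referer)").split(",")

# The sample line from this page: its User-Agent value contains spaces.
PAGE_SAMPLE = ("2024-10-08T16:44:29 192.168.1.1 - 10.0.0.1 80 GET /index.html - "
               "200 1024 512 123 Mozilla/5.0 (Windows NT 10.0; Win64; x64) "
               "http://example.com")

# Constructed line (not from the page): the same event with spaces in the
# value written as "+", as IIS does, and a username present this time.
CONSTRUCTED = ("2024-10-08T16:44:29 192.168.1.1 alice 10.0.0.1 80 GET /index.html - "
               "200 1024 512 123 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64) "
               "http://example.com")


class FieldCountError(ValueError):
    """Raised when a line does not split into exactly len(fields) tokens."""


def parse_w3c(line, fields=FIELDS, delimiter=" "):
    """Split one log line on the delimiter and map tokens to field names."""
    tokens = line.strip().split(delimiter)
    if len(tokens) != len(fields):
        # Refuse to map: shifted columns would silently put the wrong
        # value into fields such as cs(Referer).
        raise FieldCountError(
            f"expected {len(fields)} fields, got {len(tokens)}")
    # "-" is the W3C placeholder for an empty value: keep the field in the
    # structure, but with no value.
    return {name: (None if tok == "-" else tok)
            for name, tok in zip(fields, tokens)}


if __name__ == "__main__":
    for label, line in (("page sample", PAGE_SAMPLE),
                        ("constructed", CONSTRUCTED)):
        try:
            event = parse_w3c(line)
            print(label, "->", event["cs-username"], event["cs(User-Agent)"])
        except FieldCountError as exc:
            print(label, "-> rejected:", exc)
```

Counting tokens before mapping is a quick way to spot sources whose values still contain the delimiter before they reach field matching.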

You can use Static mapping in logs. At this stage, use the Log Message List as your reference.

However, if you want to do the mapping with a file, you can find the steps specific to that method under Parse with JSON.
