I have modified the the log4j2.xml file to enable the rest access logging and this is working as expected for local Graylog users. When I try and view the activity of an Active Directory authenticated user I see the UUID of the user in the rest rest access log. Is there any way to capture the sAMAccountName value for the AD user in from the org.graylog2.rest.accesslog logger?
Hello and Welcome
Have a look at the link below to see if this helps you.
If that doesnt help, could you show a screen shot of what your looking at and maybe the version/type of graylog your using?