We are having issues with parsing access and security logs in our SIEM because of the inconsistent fields included in log messages. If a field in the log has no value, it is not included at all. Please create consistent log messages for access and security types with null or blank value instead of forgoing field inclusion.
Sample access & security requests highlighting this can be provided on request.
Related internal f5 support request #406496