How abouit filterin on the msg content?
In our case we have to messages indicating the sign-in process to be successfull
1.) "Primary authentication successful"...
-> But here it may happen that the user may not get mapped any roles,so the overall result will not be successfull, but anyway good to know, e.g. for troubleshooting
2.) "Login succeeded"....
The filter could look like:
msg = ("*Primary authentication successful*" OR "*Login succeeded*")