logstash-plugins / logstash-patterns-core

Grok pattern COMBINEDAPACHELOG broken with "user@example.com" form username

dkarlovi opened this issue · comments

I'm analyzing an access log for a Kerberos-enabled Apache server and the log looks like:

10.70.13.1 - user@EXAMPLE.COM [25/Nov/2015:18:07:29 +0100] "GET / HTTP/1.1" 200 658 "https://example.com/" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36"

This does not match the COMBINEDAPACHELOG pattern. At first I thought it was because of the upper case, but nope, lowercase also fails. If I remove @EXAMPLE.COM, it works as expected.

I think this issue should be closed as a duplicate of #141 (which has been fixed).
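
The failure reported in this thread, reproduced as an added example (not code from the issue or from logstash-patterns-core): a simplified combined-log regex built around a username character class without `@` rejects the Kerberos principal, so those authenticated requests never become structured events. The two username patterns and the extra sample lines are constructed assumptions, not the project's grok definitions.

```python
import re

# Constructed stand-ins for the username sub-pattern (assumptions, not the
# project's own definitions).
USER_NARROW = r"[a-zA-Z0-9._-]+"                     # no '@' allowed
USER_WIDE = r"[a-zA-Z0-9._-]+(?:@[a-zA-Z0-9.-]+)?"   # optional @REALM suffix

def combined_regex(user_pattern):
    """Build a simplified Apache combined-log regex around a username pattern."""
    return re.compile(
        r"^(?P<clientip>\S+) (?P<ident>\S+) (?P<auth>" + user_pattern + r") "
        r"\[(?P<timestamp>[^\]]+)\] "
        r'"(?P<verb>[A-Z]+) (?P<request>\S+) HTTP/(?P<httpversion>[\d.]+)" '
        r"(?P<response>\d{3}) (?P<bytes>\d+|-) "
        r'"(?P<referrer>[^"]*)" "(?P<agent>[^"]*)"$'
    )

def parse(lines, user_pattern):
    """Return (parsed_events, unparsed_lines); unparsed lines are kept for review."""
    rx = combined_regex(user_pattern)
    parsed, failed = [], []
    for line in lines:
        m = rx.match(line)
        if m:
            parsed.append(m.groupdict())
        else:
            failed.append(line)
    return parsed, failed

TAIL = (' [25/Nov/2015:18:07:29 +0100] "GET / HTTP/1.1" 200 658 '
        '"https://example.com/" "Mozilla/5.0 (Windows NT 6.3; WOW64) '
        'AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36"')

SAMPLE = [
    "10.70.13.1 - user@EXAMPLE.COM" + TAIL,   # line from the issue
    "10.70.13.1 - user@example.com" + TAIL,   # constructed: lowercase realm
    "10.70.13.1 - user" + TAIL,               # constructed: realm removed
]

if __name__ == "__main__":
    for name, pat in (("narrow", USER_NARROW), ("wide", USER_WIDE)):
        ok, bad = parse(SAMPLE, pat)
        print(f"{name}: parsed={len(ok)} unparsed={len(bad)}")
        for line in bad:
            # Surface unparsed lines instead of silently losing them.
            print("  unparsed:", line.split(" [")[0])
```

Counting the unparsed lines per source, as `parse` does here, is a cheap way to notice when a pattern is silently dropping a class of authenticated users from the parsed data.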