Persistence on value present in one of 3 places

Don't know if this works for you, but the iRule below uses a regular expression to match the ref. If the format of the ref is unique in the traffic that is passing this iRule, then it should be okay. Otherwise you might need to tweak the regular expression a bit.

when HTTP_REQUEST {
    if {[string tolower [URI::query [HTTP::uri] "ref"]] != ""}{
        set req_trvalue [string tolower [URI::query [HTTP::uri] "ref"]]
        log local0. "REF URI: $req_trvalue"
        persist uie $req_trvalue 43200
	} else {
	    # match strings like 7c974593-b5e1-4885-a1e1-0a33403bb094
	    set lref [regexp -inline {[a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-\S{4}-[a-z0-9]{12}} [HTTP::request]]
		if { !($lref == "") } {
		    set req_trvalue [join $lref]
			log local0. "REF HEADER: $req_trvalue"
			persist uie $req_trvalue 43200
		} else {
		    HTTP::collect [HTTP::header Content-Length]
		}
	}
}

when HTTP_REQUEST_DATA {
    # match strings like 7c974593-b5e1-4885-a1e1-0a33403bb094
    set lref [regexp -inline {[a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-\S{4}-[a-z0-9]{12}} [HTTP::payload]]
    if { !($lref == "") } {
	    set req_trvalue [join $lref]
		log local0. "XREF BODY: $req_trvalue"
		persist uie $req_trvalue 43200
    }
    HTTP::release
}

Have fun,

     --Niels

Hello! 

Thank you for this. This works really well and logs the value for each of the 3 parts. From the screenshot below you can see the results of this:

Something however wasn't working well and some transactions were failing and this I believe is due to the request not "persisting" and being sent to the other Pool Member. (the setup is testing a round robin accross 2 seprate servers) 

I then added the LB_SELECTED LB::SERVER to see exactly where this traffic is going to and it seems as though the logging of LB::SERVER isn't really logging each HTTP request. Each transaction / connection attempts generates multiple requests as you can see from the above yet for some requests the server is only logged once. 

I then decided to use BIG IQ and can see that some are being sent to the wrong pool member and I have no idea why. I can see the reference is present in the header or payload and is always there.

Some requests don't even log the Pool Member;

I'm also unable to get the LB::enable_decisionlog working to see the logic behind choosing said pool member. 

Looking into it a little further one that failed as you can see from the below on BIG IQ (bottom is oldest) the last request which is a POST request all others are GETs has a different pool member;

The post request I believe is also the request that has the value in the payload and it seems to be the one request that goes to a different server. I also can't see the reference from the blody logged anywhere at all and I've sent well over 200 requests where the same value above is in the payload yet it doesn't log. The persistence table shows the last destination server as the one where the final POST message is sent to so I assume it changes as it reads the requests 

Does the last part that scans the payload work like an elseif statement rather than a statement on its own? 
Would it be worth also looking for the values from the sever response as I believe the value can be in there as well.