When people are looking for web exploit indicators they often focus exclusively on the access logs. They're nice and regular, easy to parse, and contain plenty of useful information.
But my experience teaches me that you should not ignore your error logging. I get it, error logs are often irregular, annoying, and have to be correlated back to the access logs in some cases in order to get the full information about the request. But error logs show you things the access logs never will-- strange errors when the attacker tickles the app to get their malicious results, errors as the attacker goes through a cycle of failures trying to dial in their exploit, and application crashes when the attacker gets RCE.
Trust me, check your error logs.