Configure recommended fields in the Splunk Add-on for Microsoft IIS
Splunk recommends you configure these fields for your business needs. There are different configuration instructions for different versions of Microsoft IIS.
For Microsoft IIS versions 8.5 and 10.0
- Open IIS Manager.
- On server, site or application level, double click on Logging.
- Click Select Fields.
- In W3C Logging Fields window, select all the fields listed under Standard Fields.
- Next, click "Add Field under "Custom Fields box.
- In the Add Custom Field window, fill out the following fields and click on OK after adding each fields in top-down order.
Field Name Source type Source X-Forwarded-For Request Header X-Forwarded-For Content-Type Request Header Content-Type https Server Variable HTTPS - Click OK in the W3C Logging Fields window.
- Click Apply in the actions pane.
For Microsoft IIS versions 7, 7.5 and 8.0
- Open IIS Manager.
- On server, site or application level, double click Advanced Logging.
- In the action pane on right side, click Enable Advanced Logging.
- In the action pane, click Edit Logging Fields.
- In the new window, click Add Field.
- In Add Logging Field window, fill out the following fields and click on OK after adding the below fields in top-down order:
Field Name Source Type Source X-Forwarded-For Request Header X-Forwarded-For Content-Type Request Header Content-Type https Server Variable HTTPS - In the middle pane, select the default log definition
%COMPUTERNAME%-Server. Click Edit Log Definition. - Click Select Logging Fields.
- Select X-Forwarded-For, Content-Type and https from the list. Click OK.
- Click Apply in the actions pane.
Last modified on 21 July, 2021
| Configure field transformations in the Splunk Add-on for Microsoft IIS | Troubleshoot the Splunk Add-on for Microsoft IIS |
This documentation applies to the following versions of Splunk® Supported Add-ons: released
Download manual
Feedback submitted, thanks!