Splunk® Supported Add-ons

Splunk Add-on for Microsoft IIS

Release history for the Splunk Add-on for Microsoft IIS

Latest release

The latest version of the Splunk Add-on for Microsoft IIS is version 1.3.0. See Release notes for the Splunk Add-on for Microsoft IIS for the release notes of this latest version.

Version 1.2.0

Version 1.2.0 of the Splunk Add-on for Microsoft IIS was released on October 1, 2020.

Compatibility

This release is compatible with the following software, CIM versions, and platforms.

Splunk platform versions 7.2.x, 7.3.x, 8.0.x
CIM 4.17
Platforms Platform-independent
Vendor Products Microsoft IIS 7.0, Microsoft IIS 7.5, Microsoft IIS 8.0, Microsoft IIS 8.5, Microsoft IIS 10.0

The field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.

For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.

New Features

  • Supports up to version 10 of Microsoft IIS
  • Additional source types for Microsoft IIS W3C-standard log files

Fixed issues

Version 1.2.0 of the Splunk Add-on for Microsoft IIS has the following fixed issues:


Date resolved Issue number Description
2020-08-28 ADDON-20997, ADDON-21142 FIELDALIAS is incorrect for host field
2020-08-21 ADDON-28852 File descriptor lines ingested into Splunk when using ms:iis:default sourcetype

If no issues appear, no issues were currently fixed for this release.

Known issues

This version of the Splunk Add-on for Microsoft IIS contains the following known issues.

If no issues appear, no issues have yet been reported.


Date filed Issue number Description
2020-09-24 ADDON-29718, ADDON-29686 Invalid scheme in URL field for 'ms:iis:auto', 'ms:iis:default', 'ms:iis:default:85' sourcetypes

Workaround:
Steps to resolve issue for search-time sourcetypes ( ms:iis:default, ms:iis:default:85 ):

1. Enable the HTTPS Server Variable with the field name as "https". ( The steps followed for ms:iis:splunk sourcetype. )
2. Update the Field transformation of the respective sourcetype "auto_kv_for_iis_default" (for ms:iis:default) and "auto_kv_for_iis_default_85" (for ms:iis:default:85) with the updated "Field" string from IIS log files.
3. The url field will have the correct scheme for the URL.

Steps to resolve issue for index-time sourcetype ( ms:iis:auto ):
1. Enable the HTTPS Server Variable with the field name as "https". ( The steps followed for ms:iis:splunk sourcetype. )
2. Rollover the log file either from IIS manually or wait for IIS to rollover the logfile for writing the logs.
3. The url field will have the correct scheme for the url.

Third-party software attributions

Version 1.2.0 of the Splunk Add-on for Microsoft IIS does not incorporate any third-party software or libraries.


Version 1.0.0

Version 1.0.0 of the Splunk Add-on for Microsoft IIS was released on June 8, 2016.

Compatibility

This release is compatible with the following software, CIM versions, and platforms.

Splunk platform versions 6.3.X and later
CIM 4.4 and later
Platforms Platform-independent
Vendor Products Microsoft IIS 7.0 and later

Features

Version 1.0.0 is the first release of the Splunk Add-on for Microsoft IIS, which provides inputs and CIM normalization for Microsoft IIS W3C-standard log files. This release ships with the following prebuilt panels that you can add to your dashboard:

  • Microsoft IIS - Actions by Dest IP
  • Microsoft IIS - Actions by Src IP
  • Microsoft IIS - Actions by HTTP Method

Known issues

This version of the Splunk Add-on for Microsoft IIS contains the following known issues.


Date filed Issue number Description
2020-08-19 ADDON-28852 File descriptor lines ingested into Splunk when using ms:iis:default sourcetype
2019-01-17 ADDON-20997, ADDON-21142 FIELDALIAS is incorrect for host field

Workaround:
Added:

[ms:iis:auto] FIELDALIAS-s_computername = host as s_computername

2016-05-20 ADDON-9580 EndRequest-UTC and BeginRequest-UTC make the fields after them fail to extract.

Third-party software attributions

Version 1.0.0 of the Splunk Add-on for Microsoft IIS does not incorporate any third-party software or libraries.

Last modified on 07 February, 2024
Release notes for the Splunk Add-on for Microsoft IIS  

This documentation applies to the following versions of Splunk® Supported Add-ons: released


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters