Re: Is Website setup dynamic because the name of l...

dban2005 · ‎02-27-2018

We are collecting iis logs from three Windows Web servers for a very large application. Initially I named the sourcetype as iis_default and have just changed to iis to make the files to appear in Website setup of Web Analytics. The sources (log files) have appeared with wildcard filter . Now the problem is the name of the log file is changing every few hours to capture new logs. All the log files are located at D:\IISLogs\PRD\LogFiles\W3SVC, so the examples of log files are as below.
D:\IISLogs\PRD\LogFiles\W3SVC9\x_yz20180225.log
D:\IISLogs\PRD\LogFiles\W3SVC9\x_yz20180226.log
D:\IISLogs\PRD\LogFiles\W3SVC9\x_yz20180227.log

My inputs.conf:

[monitor://D:\IISLogs\PRD\LogFiles\W3SVC*\]
sourcetype = iis
disabled = false
recursive = true
alwaysOpenFile = true
blacklist = .*\.zip$
index = abcd-index.

In the Setup new website section, can I set up as D:\IISLogs\PRD\LogFiles\W3SVC*? If so, is "Configured websites" dynamic? Can it automatically take care when any new log file arrives?

On a separate question: Do I need to setup the lookups and rebuild Data Model Acceleration every time I configure a new website?

sbrice18 · ‎04-17-2018

When we add a new site we do re-run the look-up's, this is how the data gets published in the DM. You are probably aware the rebuild on the DM takes a bit of time. We are still in test phase, so we do rebuild the DM with any changes we apply.

Yes to your first question, it will see the new logs as they rotate into the directory.

dban2005 · ‎02-27-2018

Correction: All the log files are located at D:\IISLogs\PRD\LogFiles\W3SVC*

Is Website setup dynamic because the name of logging file is changing with time and date?

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!