Fields:

nbonner · ‎09-05-2017

Most of my web data is brought in with the Splunk Add-on for Microsoft IIS using the ms:iis:auto sourcetype. I am attempting to get the Splunk App for Web Analytics to work with this data. So far I have done the following:

updated the apps web eventtype to include the ms:iis:auto sourcetype
Configured a few sites
Ran the lookups (pages gets data but sessions does not)

None of the dashboards of populating as expected. What other steps should I take to allow the Splunk App for Web Analytics to work with the Splunk Add-on for Microsoft IIS?

pscsmoke · ‎09-30-2017

IIS logs by default don't cover all the items needed for this app. If you go into your IIS instance and adjust the fields logged to include:

Fields:

date
time
s-sitename
s-computername
s-ip
cs-method
cs-uri-stem
cs-uri-query
s-port
cs-username
c-ip
cs-version
cs(User-Agent)
cs(Cookie)
cs(Referer)
cs-host
sc-status
sc-substatus
sc-win32-status
sc-bytes
cs-bytes
time-taken

Splunk Add-on for Microsoft IIS compatability with Splunk App for Web Analytics data

Fields:

Splunk Search APIを使えば調査過程が残せます

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!

Join the Conversation

Splunk Add-on for Microsoft IIS compatability with Splunk App for Web Analytics data

Fields:

Splunk Search APIを使えば調査過程が残せます

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!