All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk Add-on for Microsoft IIS compatability with Splunk App for Web Analytics data

nbonner
Explorer
‎09-05-2017 08:23 AM

Most of my web data is brought in with the Splunk Add-on for Microsoft IIS using the ms:iis:auto sourcetype. I am attempting to get the Splunk App for Web Analytics to work with this data. So far I have done the following:

  1. updated the apps web eventtype to include the ms:iis:auto sourcetype
  2. Configured a few sites
  3. Ran the lookups (pages gets data but sessions does not)

None of the dashboards of populating as expected. What other steps should I take to allow the Splunk App for Web Analytics to work with the Splunk Add-on for Microsoft IIS?

0 Karma
Reply

pscsmoke
Engager
‎09-30-2017 03:27 PM

IIS logs by default don't cover all the items needed for this app. If you go into your IIS instance and adjust the fields logged to include:

Fields:

date
time
s-sitename
s-computername
s-ip
cs-method
cs-uri-stem
cs-uri-query
s-port
cs-username
c-ip
cs-version
cs(User-Agent)
cs(Cookie)
cs(Referer)
cs-host
sc-status
sc-substatus
sc-win32-status
sc-bytes
cs-bytes
time-taken

0 Karma
Reply
Get Updates on the Splunk Community!

Observability Unveiled: Navigating OpenTelemetry's Framework and Deployment Options

Observability Unveiled: Navigating OpenTelemetry's Framework and Deployment Options A recent Tech Talk, ...

Observability | How to Think About Instrumentation Overhead (White Paper)

Novice observability practitioners are often overly obsessed with performance. They might approach ...

Cloud Platform | Get Resiliency in the Cloud Event (Register Now!)

IDC Report: Enterprises Gain Higher Efficiency and Resiliency With Migration to Cloud  Today many enterprises ...