Fields:

nbonner · ‎09-05-2017

Most of my web data is brought in with the Splunk Add-on for Microsoft IIS using the ms:iis:auto sourcetype. I am attempting to get the Splunk App for Web Analytics to work with this data. So far I have done the following:

updated the apps web eventtype to include the ms:iis:auto sourcetype
Configured a few sites
Ran the lookups (pages gets data but sessions does not)

None of the dashboards of populating as expected. What other steps should I take to allow the Splunk App for Web Analytics to work with the Splunk Add-on for Microsoft IIS?

pscsmoke · ‎09-30-2017

IIS logs by default don't cover all the items needed for this app. If you go into your IIS instance and adjust the fields logged to include:

Fields:

date
time
s-sitename
s-computername
s-ip
cs-method
cs-uri-stem
cs-uri-query
s-port
cs-username
c-ip
cs-version
cs(User-Agent)
cs(Cookie)
cs(Referer)
cs-host
sc-status
sc-substatus
sc-win32-status
sc-bytes
cs-bytes
time-taken

Splunk Add-on for Microsoft IIS compatability with Splunk App for Web Analytics data

Fields:

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Join the Conversation

Splunk Add-on for Microsoft IIS compatability with Splunk App for Web Analytics data

Fields:

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions