All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

What are the benefits of Splunk Add-on for Microsoft IIS?

dmcelroy
Explorer
‎08-30-2022 12:37 AM

Hi

I am new to Splunk and looking to use it for analytics in place of Matomo. I have it gathering my logs and I can query them. However, I am trying to understand what benefits I would get from this add-on? Does it enrich the data or provide prebuilt queries/dashboards?

Thanks

Labels (1)
Labels
Tags (1)
0 Karma
Reply

dmcelroy
Explorer
‎08-30-2022 06:21 AM

Hi, thanks for the info. I have been querying the logs we are getting from IIS without this add-on and it seems to be working ok. I can search/filter on the various parts of IIS logs already (cs_username, time_taken, cs_uri_stem etc.) so I still don't really understand what I may be missing out on, plus I will need to ask our admin to make use of this and they will ask why.

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎08-30-2022 06:48 AM

Hi

You can collect those logs with just using inputs.conf with correct definition. But in this case (TA IIS) the biggest benefit is when you install this also to SH layer, you will get CIM compliance integration. Also you could chose which are those field names based on your IIS version and probably get some additional extractions.

Also there are some data cleaning for unneeded strings (like comments) before indexing (save license).

See: https://docs.splunk.com/Documentation/AddOns/released/MSIIS/About

As @richgalloway said some other TAs are mandatory for getting data in, some helps and some are just nice to have. In personally I prefer to install these even on nice to have cases.

r. Ismo

 

Reply

dmcelroy
Explorer
‎08-30-2022 06:52 AM

Thanks. I will approach the team responsible and see if they can add this

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎08-30-2022 06:17 AM

In the Splunk world, an "add-on" is an extension that helps bring data into Splunk.  Sometimes, the add-on will use an API to actively retrieve data, but more often it provides configurations that help Splunk to interpret the data that arrives from a source.

In the case of this add-on, it is expected to be installed with a Splunk Universal Forwarder (UF) on the system on which IIS is running.  The add-on tells the UF to read the IIS logs and forward them to Splunk.  Install the add-on to your indexer(s)  and search head(s) so they know how to extract fields from the logs.

---
If this reply helps you, Karma would be appreciated.
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...