IIS10 and Log Field Extraction - What to use

shocko
Contributor

I have some MS IIS 10 instances and I'm ingesting the IIS logs in W3C format from them. I have installed the Splunk Add-on for Microsoft IIS on my search head and both indexers. I set the sourcetype for my inputs to ms:iis:auto. The logs are being ingested, but the fields are not being extracted at index time. So, I tried setting the sourcetype to ms:iis:default:85; some fields are extracted, but with incorrect field names. This seems to be due to the fact that the default fields are those for IIS 8.5, and in 10 some are not there by default (s-sitename, for example).

It seems I would have to tell it what fields I'm using, as per "Configure field transformations in the Splunk Add-on for Microsoft IIS" in the Splunk documentation, for the search-time extractions to work, but not all my IIS servers have the same logging setup. Furthermore, I'd like index-time field extraction, but that does not seem to work.

This TA is quite old (2020 last update), so I'm wondering if there is a better/easier way to do this for IIS 10?

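The mislabelling described in the post (a fixed IIS 8.5 field order applied positionally to an IIS 10 log that omits s-sitename), shown as an added Python example; this is not code from the post or from the Splunk add-on, and the log lines and the IIS 8.5 field order below are constructed for illustration:

```python
from typing import Dict, List, Optional

# Constructed IIS 10 W3C log: the site does not log s-sitename, so every
# column after "time" sits one position earlier than an IIS 8.5 default log.
SAMPLE_IIS10_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Version: 1.0
#Date: 2024-05-01 00:00:00
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken
2024-05-01 00:00:01 10.0.0.5 GET /index.html - 443 - 198.51.100.7 Mozilla/5.0 200 0 0 12
2024-05-01 00:00:02 10.0.0.5 POST /login - 443 - 198.51.100.9 curl/8.0 401 2 5 7
"""

# Assumed IIS 8.5 default field order (constructed for illustration): it includes
# s-sitename, which the sample IIS 10 log above does not emit.
IIS85_DEFAULT_FIELDS = (
    "date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port "
    "cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken"
).split()


def parse_w3c(text: str, fixed_fields: Optional[List[str]] = None) -> List[Dict[str, str]]:
    """Parse W3C extended log text into one dict per event.

    With fixed_fields=None the column names are read from the #Fields header
    (header-driven, the way an auto/w3c style extraction works); otherwise the
    given list is applied positionally, which is what a static field mapping does.
    """
    fields: List[str] = list(fixed_fields) if fixed_fields else []
    rows: List[Dict[str, str]] = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            if fixed_fields is None:
                fields = line.split(":", 1)[1].split()
            continue
        if line.startswith("#") or not line.strip():
            continue  # other directives and blank lines carry no event data
        values = line.split()  # IIS encodes spaces inside values as '+', so split is safe
        rows.append(dict(zip(fields, values)))  # zip silently truncates on a length mismatch
    return rows


def misaligned_fields(text: str, fixed_fields: List[str]) -> List[str]:
    """Field names whose value differs between header-driven and fixed parsing of event 1."""
    auto = parse_w3c(text)[0]
    fixed = parse_w3c(text, fixed_fields)[0]
    return sorted(k for k in set(auto) | set(fixed) if auto.get(k) != fixed.get(k))
```

Running `misaligned_fields(SAMPLE_IIS10_LOG, IIS85_DEFAULT_FIELDS)` shows that only `date` and `time` survive intact; a header-driven parse is what keeps servers with different logging setups consistent.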

shocko
Contributor

Setting sourcetype=iis seems to work and fields are now being extracted correctly! Is this a built-in sourcetype? How does it compare to the sourcetypes in the Splunk Add-on for Microsoft IIS?
