I have to set up my universal forwarder to capture IIS logs. The problem is the fields are not extracting fully. I am not sure what files to configure to extract them properly. Any help is appreciated.
@davidblizzard There is a TA out there on Splunk base https://splunkbase.splunk.com/app/3185/#/details which works pretty good.
View solution in original post