I have a number of IIS logs being splunked across a number of servers but an struggling to work out how to present the information usefully.
I have 4 web servers, each have 5 web sites - each web site is a different sourcetype - IIS(iis_type).
I am extracting the following information from each web site:
method
status
responsetime
source_ip
I really want to be able to show what is going on in each website in terms of status and responsetimes and what source_ip the failures / slow responses are coming from.
I can create very basic specific searches but am struggling to present the information in a broader more intelligent way. ideally, I'd like to run a report or series of reports each day showing usage and notably failures.
any suggestions?
Have you checked the Splunk app for Web Intelligence?