Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Source Type IIS not identifying fields

jeremymorin
Engager
‎03-12-2015 11:55 AM

I am using Splunk Universal Forwarder to monitor IIS logfiles and send to Splunk Server. All of the fields are getting indexed and the data looks good when I do a search. Splunk automatically identifies the source type as IIS however the only fields I have are host, source and sourcetype. I'm running Splunk 6.2 on CentOS and the Splunk Universal Forwarder is running on a Windows box. When I was running in a test environment, I was able to suck in the same IIS logs and the proper fields were discovered and searchable. Nothing appears to be any different on the new server that I can see. Any guidance would be helpful and appreciated.

0 Karma
Reply

dgrubb_splunk
Splunk Employee
Splunk Employee
‎03-13-2015 03:22 AM

If your forwarder is also a 6.2 then you will need to configure the props.conf on the forwarder in order for the extractions to occur.

please see this blog for an excellent write up on the new indexed extractions:

http://blogs.splunk.com/2013/10/18/iis-logs-and-splunk-6/

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Observability Simplified: Combining User Experience, Application Performance & ...

Tech Talk Observability Simplified: Combining User Experience, Application Performance & Network ...

Event Series May & June: From Network Visibility to Service Intelligence

Unifying the Network: Moving from Alert Noise to Service Intelligence with Splunk ITSI In today’s hybrid ...

Global Splunk User Group Events: May + June 2026

Your Splunk Community Awaits: Discover Upcoming User Group Events Worldwide    Staying ahead in the fast-paced ...