Getting Data In
Highlighted

Splunk and IIS Sourcetypes

Explorer

I keep all the IIS web sites in the following folder: D:\inetpub\LogFiles

So the tree would look like this:

D:\inetpub\LogFiles
|-> W3SVC1
|-> W3SVC2...etc.

My input.conf is set as follows:
[monitor://D:\inetpub\LogFiles]
sourcetype=iis
ignoreOlderThan = 14d

HOWEVER...It appears that the logs are coming in and splunk is applying the following sourcetypes, seemingly at random to these IIS Log files:
iis
iis-2
iis-3
iis-4

Why? The logs are exactly the same. What are all of these others sourcetypes (iis-)?

0 Karma
Highlighted

Re: Splunk and IIS Sourcetypes

Legend
0 Karma
Speak Up for Splunk Careers!

We want to better understand the impact Splunk experience and expertise has has on individuals' careers, and help highlight the growing demand for Splunk skills.