Try this:

eventtypes.conf

[iis_events]
search = sourcetype=iis

tag=web

tags.conf

[eventtype=iis_events]
web = enabled

props.conf
[iis]
FIELDALIAS-c_ip = c_ip as src
FIELDALIAS-cs_Cookie = cs_Cookie as cookie
FIELDALIAS-cs_Referer = cs_Referer as http_referrer
FIELDALIAS-cs_User_Agent = cs_User_Agent as http_user_agent
FIELDALIAS-cs_bytes = cs_bytes as bytes_in
FIELDALIAS-s_ip = s_ip as dest
FIELDALIAS-cs_method = cs_method as http_method
FIELDALIAS-cs_uri_stem = cs_uri_stem as uri_path
FIELDALIAS-s_sitename = s_sitename as site
FIELDALIAS-sc_bytes = sc_bytes as bytes_out
FIELDALIAS-sc_status = sc_status as status
FIELDALIAS-cs_username = cs_username as user

Created one myself.