How do i search for Sql injection or XSS in IIS log. Can any body give me example too
This blog entry has details for you on how to address SQL injections with Splunk.
You may just want to search for web log events with a standard deviation of greater than the average like len(_raw) with greater than 2.5 Std deviation.
Example using standard deviation here - http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/stats
Hopefully somebody else can help with the cross sight scripting details and if that is possible to determine from within an IIS Log.