Uploading IIS Logs

Open tiny-diamond opened this issue 4 years ago • 2 comments

Hi Phil, is there a way to manually upload IIS logs instead of ingesting using FileBeat? I noticed the httpd directory only accepts Apache logs. Cheers

tiny-diamond, Jun 29 '20 05:06

IIS logs are parsed from the /logstash/httpd/ directory. The grok statements in the configuration file are applied at lines 51-58: https://github.com/philhagen/sof-elk/blob/47f730bc0200c7a72ce582c67b438ba3356f013c/configfiles/6100-httpd.conf#L51-L58

philhagen, Jun 29 '20 21:06

It currently appears as if this conf file stores IIS timestamps into a new string variable timestamp instead of inserting them into the @timestamp variable.

joshlemon, Aug 24 '20 05:08
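
The timestamp point raised in the last comment, modelled outside Logstash as an added example (not SOF-ELK's configuration and not code posted in this thread): a Python parser for IIS W3C extended logs that keeps the raw string `timestamp` and also derives a UTC `@timestamp` from the separate date and time fields. The sample log lines and the function name `parse_iis` are constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed sample of an IIS W3C extended log (not taken from the issue).
SAMPLE = """\
#Software: Microsoft Internet Information Services 10.0
#Version: 1.0
#Date: 2020-06-29 05:06:00
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status time-taken
2020-06-29 05:06:01 10.0.0.5 GET /index.html - 80 - 192.0.2.10 Mozilla/5.0 200 15
2020-06-29 05:06:03 10.0.0.5 POST /login.aspx id=1 443 - 192.0.2.11 curl/7.68.0 302 40
bad line with too few fields
"""

def parse_iis(text):
    """Return (events, rejected_line_numbers) for W3C extended log text."""
    fields, events, rejected = [], [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.startswith("#Fields:"):
            # #Fields can reappear mid-file (e.g. after an IIS restart), so re-read it.
            fields = line.split()[1:]
            continue
        if not line.strip() or line.startswith("#"):
            continue
        values = line.split(" ")
        if not fields or len(values) != len(fields):
            rejected.append(lineno)  # would not match a field-count-based pattern
            continue
        row = dict(zip(fields, values))
        try:
            # W3C logs record date and time in UTC as two separate fields.
            ts = datetime.strptime(row["date"] + " " + row["time"], "%Y-%m-%d %H:%M:%S")
        except (KeyError, ValueError):
            rejected.append(lineno)
            continue
        # Raw string form: searchable, but not usable as the event time.
        row["timestamp"] = row.pop("date") + " " + row.pop("time")
        # Event time: timezone-aware UTC, the value a timeline should sort on.
        row["@timestamp"] = ts.replace(tzinfo=timezone.utc).isoformat()
        events.append(row)
    return events, rejected

if __name__ == "__main__":
    parsed, bad = parse_iis(SAMPLE)
    for event in parsed:
        print(event["@timestamp"], event["cs-method"], event["cs-uri-stem"])
    print("rejected lines:", bad)
```

Events that carry only the string field would be indexed under ingestion time rather than the request time, which is why the two fields are kept distinct here.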