Is there a way for the Splunk Add-on for Microsoft Azure to read the IIS Logs of azure websites?
From the https://splunkbase.splunk.com/app/3084/#/details documentation, IIS logs aren’t mentioned as being captured by it.
We do have the IIS Logs and IIS Failed Request Logs as part of the diagnostics captured by azure websites.
Yes, use Azure Storage Blob modular input part of Splunk Add-on for Microsoft Cloud Services, and point it to the blob container collecting your IIS logs.
Some more details here with respect to W3C fields extractions:
https://answers.splunk.com/answers/469691/is-there-any-way-to-get-the-native-splunk-iis-extr.html
Any specific reason you want to read the iis logs with the Azure add-on?
There's this neat app fore web analytics:
https://splunkbase.splunk.com/app/2699/#/overview
And you can always just setup an inputs.conf to monitor the location of the IIS logs... You could put that in any splunk app you like.
The websites that we want to read the IIS Logs are Azure websites and we dont have a way install the Universal forwarder in the Azure websites due to infrastructure sharing by Azure.
We are able to read the WADLogs and other tables of the Azure websites and cloudservices using the Add-on therefore, we want to add the IISLogs of Azure websites to our monitoring.