App for Microsoft Exchange Multiple CAS servers II...

mmodeefrc · ‎06-03-2013

Hi, I am running exchange 2010 and I am having trouble with the IIS logs from 2 of my servers. I have 2 in NJ and 1 in the UK, I am getting all the IIS logs from the CAS server in the UK but not the 2 CAS servers in NJ. They are all configured identically. I have verified the inputs are exactly the same on all the server.

I am fresh out of ideas, anything I should look for?

michael_sanchez · ‎06-28-2013

What is your architecture ? Do you use Universal forwarders to get the IIS logs ? Do your files appears in the TailingProcessor:FileStatus ? (check https://localhost:8089/services/admin/inputstatus/TailingProcessor:FileStatus)

If everything is ok on the CAS servers and if you receive others events on the indexer, it means that you should check the configuration of your indexer. Do you have some nullQueue configuration in a props.conf file ?

techslate · ‎06-27-2013

Does this article on troubleshooting iis logs.

mmodeefrc · ‎06-04-2013

I did check all that and there are no firewalls enabled. I am getting other data from that server, but just not the IIS logs.

jbernt_splunk · ‎06-04-2013

Are other data inputs flowing in from the 2 CAS servers such as event logs, security, etc.? Have you checked the firewall rules between your NJ servers and the Splunk environment?

App for Microsoft Exchange Multiple CAS servers IIS Logs

Updated Team Landing Page in Splunk Observability

New! Splunk Observability Search Enhancements for Splunk APM Services/Traces and ...

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...