App for Microsoft Exchange Multiple CAS servers II...

mmodeefrc · ‎06-03-2013

Hi, I am running exchange 2010 and I am having trouble with the IIS logs from 2 of my servers. I have 2 in NJ and 1 in the UK, I am getting all the IIS logs from the CAS server in the UK but not the 2 CAS servers in NJ. They are all configured identically. I have verified the inputs are exactly the same on all the server.

I am fresh out of ideas, anything I should look for?

michael_sanchez · ‎06-28-2013

What is your architecture ? Do you use Universal forwarders to get the IIS logs ? Do your files appears in the TailingProcessor:FileStatus ? (check https://localhost:8089/services/admin/inputstatus/TailingProcessor:FileStatus)

If everything is ok on the CAS servers and if you receive others events on the indexer, it means that you should check the configuration of your indexer. Do you have some nullQueue configuration in a props.conf file ?

techslate · ‎06-27-2013

Does this article on troubleshooting iis logs.

mmodeefrc · ‎06-04-2013

I did check all that and there are no firewalls enabled. I am getting other data from that server, but just not the IIS logs.

jbernt_splunk · ‎06-04-2013

Are other data inputs flowing in from the 2 CAS servers such as event logs, security, etc.? Have you checked the firewall rules between your NJ servers and the Splunk environment?

App for Microsoft Exchange Multiple CAS servers IIS Logs

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!