Hello, all.
I would like to filter out a specific client IP address from my IIS logs. What would be the best approach, have the UF or indexer perform the filtering and how do I go about doing that? Configuration for indexer below. Thanks! - James
Props.conf
[iis]
pulldown_type = true
MAX_TIMESTAMP_LOOKAHEAD = 32
SHOULD_LINEMERGE = False
CHECK_FOR_HEADER = False
TZ = GMT
REPORT-iisw3cfields = iisw3cfields
TRANSFORMS-removecomments = removecomments
Transforms.conf
IIS W3C Log field extractions (Identical in IIS 6 and 7)
These assume that you have enabled all available fields to be logged
[iisw3cfields]
DELIMS = " "
FIELDS = date,time,s_sitename,s_computername,s_ip,cs_method,cs_uri_stem,cs_uri_query,s_port,cs_username,c_ip,cs_version,cs(User_Agent),cs(Cookie),cs(Referer),cs_host,sc_status,sc_substatus,sc_win32_status,sc_bytes,cs_bytes,time_taken
... View more