Splunkers,
I am trying to get IIS W3C log events into the Enterprise Security App. I made the IIS events an eventtype with tag: web, and made the following field aliases:
c_ip as src
cs_Cookie as cookie
cs_Referer as http_referrer
cs_User_Agent as http_user_agent
cs_bytes as bytes_in
s_ip as dest
cs_method as http_method
cs_uri_stem as uri_path
s_sitename as site
sc_bytes as bytes_out
sc_status as status
cs_username as user
I made the permissions as wide as possible, but after a reboot ESA still does not see the data; for example, the ESA HTTP User Agent Analysis remains blank. What am I doing wrong?