I am looking to see if there is. I am sure it can be designated on the conf file but need to determine what goes there. Also punct is simply the entire line item with everything but punctuation removed. You can use it to find like items. For more info: http://docs.splunk.com/Splexicon:Punct
... View more
Splunk is probably looking for a specific format. Try changing your IIS server to use W3C log format rather than IIS since it is a standard logging format.
... View more