I installed the Microsoft - IIS content pack on my Log Insight cluster. I noticed it requires certain fields to be enabled on the IIS server for the logs. My question is, for it to work correctly, are these the only fields that "can" be enabled or do I just need to make sure that at least these ones are enabled? Hope that makes sense.
Thanks,
Tim
IIS Prerequisites:
IIS content pack uses logs in W3C format, the following fields need to be enabled in IIS logs using IIS Manager:
• date
• time
• s-sitename
• s-ip
• cs-method
• cs-uri-stem
• cs-uri-query
• s-port
• cs-username
• c-ip
• cs (User-Agent)
• sc-status
• sc-substatus
• sc-win32-status
• time-taken