Data Source: Windows IIS 29

Date: 2024-07-18

ID: 1d99ddd7-7fec-4dea-bf4f-1f4906142328

Author: Patrick Bareiss, Splunk

Description

Data source object for Windows IIS 29

Details

Property	Value
Source	`IIS:Configuration:Operational`
Sourcetype	`IIS:Configuration:Operational`
Separator	EventID

Supported Apps

Splunk Add-on for Microsoft Windows (version 8.9.0)

Event Fields

+ Fields

  <span class="pill kill-chain">_time</span>
  
  <span class="pill kill-chain">ComputerName</span>
  
  <span class="pill kill-chain">EventCode</span>
  
  <span class="pill kill-chain">EventType</span>
  
  <span class="pill kill-chain">Keywords</span>
  
  <span class="pill kill-chain">LogName</span>
  
  <span class="pill kill-chain">Message</span>
  
  <span class="pill kill-chain">OpCode</span>
  
  <span class="pill kill-chain">RecordNumber</span>
  
  <span class="pill kill-chain">Sid</span>
  
  <span class="pill kill-chain">SidType</span>
  
  <span class="pill kill-chain">SourceName</span>
  
  <span class="pill kill-chain">TaskCategory</span>
  
  <span class="pill kill-chain">Type</span>
  
  <span class="pill kill-chain">User</span>
  
  <span class="pill kill-chain">name</span>
  
</div>

Source: GitHub | Version: 1