IIS binded site query

Follow
Avatar
Tibor Halasz

Hi All,

I need a help, i am a beginner here. I have an simple IIS site, then there an binded url. The IIS log is contain this url name, but i dont know how to create query for chart to see the visitors by day.

Thanks!

Tibor

0

Comments

1 comment

Sort by Date Votes
  • Avatar
    Harinder Bhandari

    Can you please try this query:

    _source="IIS_source" and _collector="test1"
    | parse regex "(?<server_ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) (?<method>\S+) (?<cs_uri_stem>\S+) (?<cs_uri_query>\S+) (?<s_port>\S+) (?<cs_username>\S+) (?<c_ip>\S+) (?<cs_User_Agent>\S+?) (?<cs_referer>\S+) (?<sc_status>\S+) (?<sc_substatus>\S+?) (?<sc_win32_status>\S+?) (?<time_taken>\S+)"
    | where cs_referer matches "http://test.tv*"
    | count by cs_referer, c_ip
    0
    Comment actions Permalink

Please sign in to leave a comment.

Didn't find what you were looking for?

New post