IIS fields

edit

Module for parsing IIS log files.

iis

edit

Fields from IIS log files.

access

edit

Contains fields for IIS access logs.

iis.access.sub_status

The HTTP substatus code.

type: long

iis.access.win32_status

The Windows status code.

type: long

iis.access.site_name

The site name and instance number.

type: keyword

iis.access.server_name

The name of the server on which the log file entry was generated.

type: keyword

iis.access.cookie

The content of the cookie sent or received, if any.

type: keyword

iis.access.body_received.bytes

type: alias

alias to: http.request.body.bytes

iis.access.body_sent.bytes

type: alias

alias to: http.response.body.bytes

iis.access.server_ip

type: alias

alias to: destination.address

iis.access.method

type: alias

alias to: http.request.method

iis.access.url

type: alias

alias to: url.path

iis.access.query_string

type: alias

alias to: url.query

iis.access.port

type: alias

alias to: destination.port

iis.access.user_name

type: alias

alias to: user.name

iis.access.remote_ip

type: alias

alias to: source.address

iis.access.referrer

type: alias

alias to: http.request.referrer

iis.access.response_code

type: alias

alias to: http.response.status_code

iis.access.http_version

type: alias

alias to: http.version

iis.access.hostname

type: alias

alias to: host.hostname

iis.access.user_agent.device

type: alias

alias to: user_agent.device.name

iis.access.user_agent.name

type: alias

alias to: user_agent.name

iis.access.user_agent.os

type: alias

alias to: user_agent.os.full_name

iis.access.user_agent.os_name

type: alias

alias to: user_agent.os.name

iis.access.user_agent.original

type: alias

alias to: user_agent.original

iis.access.geoip.continent_name

type: alias

alias to: source.geo.continent_name

iis.access.geoip.country_iso_code

type: alias

alias to: source.geo.country_iso_code

iis.access.geoip.location

type: alias

alias to: source.geo.location

iis.access.geoip.region_name

type: alias

alias to: source.geo.region_name

iis.access.geoip.city_name

type: alias

alias to: source.geo.city_name

iis.access.geoip.region_iso_code

type: alias

alias to: source.geo.region_iso_code

error

edit

Contains fields for IIS error logs.

iis.error.reason_phrase

The HTTP reason phrase.

type: keyword

iis.error.queue_name

The IIS application pool name.

type: keyword

iis.error.remote_ip

type: alias

alias to: source.address

iis.error.remote_port

type: alias

alias to: source.port

iis.error.server_ip

type: alias

alias to: destination.address

iis.error.server_port

type: alias

alias to: destination.port

iis.error.http_version

type: alias

alias to: http.version

iis.error.method

type: alias

alias to: http.request.method

iis.error.url

type: alias

alias to: url.original

iis.error.response_code

type: alias

alias to: http.response.status_code

iis.error.geoip.continent_name

type: alias

alias to: source.geo.continent_name

iis.error.geoip.country_iso_code

type: alias

alias to: source.geo.country_iso_code

iis.error.geoip.location

type: alias

alias to: source.geo.location

iis.error.geoip.region_name

type: alias

alias to: source.geo.region_name

iis.error.geoip.city_name

type: alias

alias to: source.geo.city_name

iis.error.geoip.region_iso_code

type: alias

alias to: source.geo.region_iso_code