youtubebeat/vendor/github.com/elastic/beats/filebeat/docs/modules/iis.asciidoc

////
This file is generated! See scripts/docs_collector.py
////

[[filebeat-module-iis]]
:modulename: iis
:has-dashboards: true

== IIS module

The +{modulename}+ module parses access and error logs created by the
Internet Information Services (IIS) HTTP server.

include::../include/what-happens.asciidoc[]

[float]
=== Compatibility

This module requires the
{elasticsearch-plugins}/ingest-user-agent.html[ingest-user-agent] and
{elasticsearch-plugins}/ingest-geoip.html[ingest-geoip] Elasticsearch plugins.

The IIS module was tested with logs from version 10.

include::../include/running-modules.asciidoc[]

[float]
=== Example dashboard

This module comes with a sample dashboard. For example:

[role="screenshot"]
image::./images/kibana-iis.png[]

include::../include/configuring-intro.asciidoc[]

The following example shows how to set paths in the +modules.d/{modulename}.yml+
file to override the default paths for IIS access logs and error logs:

["source","yaml",subs="attributes"]
-----
- module: iis
  access:
    enabled: true
    var.paths: ["C:/inetpub/logs/LogFiles/*/*.log"]
  error:
    enabled: true
    var.paths: ["C:/Windows/System32/LogFiles/HTTPERR/*.log"]
-----

To specify the same settings at the command line, you use:

["source","sh",subs="attributes"]
-----
-M "iis.access.var.paths=[C:/inetpub/logs/LogFiles/*/*.log]" -M "iis.error.var.paths=[C:/Windows/System32/LogFiles/HTTPERR/*.log]"
-----


//set the fileset name used in the included example
:fileset_ex: access

include::../include/config-option-intro.asciidoc[]

[float]
==== `access` log fileset settings

include::../include/var-paths.asciidoc[]

[float]
==== `error` log fileset settings

include::../include/var-paths.asciidoc[]

:has-dashboards!:

:fileset_ex!:

:modulename!:


[float]
=== Fields

For a description of each field in the module, see the
<<exported-fields-iis,exported fields>> section.