Dear all,
I'd like to filter IIS logs and forward only .aspx requests to Splunk.
I tried something like this:
[monitor://C:\inetpub\logs\LogFiles\*\*.log]
_TCP_ROUTING = default-autolb-group
disabled = 0
sourcetype=iis
whitelist = (\.aspx\s)
But the "whitelist" doesn't work and forwards all log lines to Splunk.
Could any one help me please?
Thanks for your attention.
↧