NOTE: You are looking at documentation for an older release. For the latest information, see the current release documentation.
IIS fields
editIIS fields
editModule for parsing IIS log files.
iis fields
editFields from IIS log files.
access fields
editContains fields for IIS access logs.
-
iis.access.server_ip
-
type: keyword
The server IP address.
-
iis.access.method
-
type: keyword
example: GET
The request HTTP method.
-
iis.access.url
-
type: keyword
The request HTTP URL.
-
iis.access.query_string
-
type: keyword
The request query string, if any.
-
iis.access.port
-
type: long
The request port number.
-
iis.access.user_name
-
type: keyword
The user name used when basic authentication is used.
-
iis.access.remote_ip
-
type: keyword
The client IP address.
-
iis.access.referrer
-
type: keyword
The HTTP referrer.
-
iis.access.response_code
-
type: long
The HTTP response code.
-
iis.access.sub_status
-
type: long
The HTTP substatus code.
-
iis.access.win32_status
-
type: long
The Windows status code.
-
iis.access.request_time_ms
-
type: long
The request time in milliseconds.
-
iis.access.site_name
-
type: keyword
The site name and instance number.
-
iis.access.server_name
-
type: keyword
The name of the server on which the log file entry was generated.
-
iis.access.http_version
-
type: keyword
The HTTP version.
-
iis.access.cookie
-
type: keyword
The content of the cookie sent or received, if any.
-
iis.access.hostname
-
type: keyword
The host header name, if any.
-
iis.access.body_sent.bytes
-
type: long
format: bytes
The number of bytes of the server response body.
-
iis.access.body_received.bytes
-
type: long
format: bytes
The number of bytes of the server request body.
-
iis.access.agent
-
type: text
Contains the un-parsed user agent string. Only present if the user agent Elasticsearch plugin is not available or not used.
user_agent fields
editContains the parsed user agent field. Only present if the user agent Elasticsearch plugin is available and used.
-
iis.access.user_agent.device
-
type: keyword
The name of the physical device.
-
iis.access.user_agent.major
-
type: long
The major version of the user agent.
-
iis.access.user_agent.minor
-
type: long
The minor version of the user agent.
-
iis.access.user_agent.patch
-
type: keyword
The patch version of the user agent.
-
iis.access.user_agent.name
-
type: keyword
example: Chrome
The name of the user agent.
-
iis.access.user_agent.os
-
type: keyword
The name of the operating system.
-
iis.access.user_agent.os_major
-
type: long
The major version of the operating system.
-
iis.access.user_agent.os_minor
-
type: long
The minor version of the operating system.
-
iis.access.user_agent.os_name
-
type: keyword
The name of the operating system.
-
iis.access.user_agent.original
-
type: text
Original user agent value before parsing by ingest-user-agent plugin.
Field is not indexed.
geoip fields
editContains GeoIP information gathered based on the remote_ip field. Only present if the GeoIP Elasticsearch plugin is available and used.
-
iis.access.geoip.continent_name
-
type: keyword
The name of the continent.
-
iis.access.geoip.country_iso_code
-
type: keyword
Country ISO code.
-
iis.access.geoip.location
-
type: geo_point
The longitude and latitude.
-
iis.access.geoip.region_name
-
type: keyword
The region name.
-
iis.access.geoip.city_name
-
type: keyword
The city name.
-
iis.access.geoip.region_iso_code
-
type: keyword
Region ISO code.
error fields
editContains fields for IIS error logs.
-
iis.error.remote_ip
-
type: keyword
The client IP address.
-
iis.error.remote_port
-
type: long
The client port number.
-
iis.error.server_ip
-
type: keyword
The server IP address.
-
iis.error.server_port
-
type: long
The server port number.
-
iis.error.http_version
-
type: keyword
The HTTP version.
-
iis.error.method
-
type: keyword
example: GET
The request HTTP method.
-
iis.error.url
-
type: keyword
The request HTTP URL.
-
iis.error.response_code
-
type: long
The HTTP response code.
-
iis.error.reason_phrase
-
type: keyword
The HTTP reason phrase.
-
iis.error.queue_name
-
type: keyword
The IIS application pool name.
geoip fields
editContains GeoIP information gathered based on the remote_ip field. Only present if the GeoIP Elasticsearch plugin is available and used.
-
iis.error.geoip.continent_name
-
type: keyword
The name of the continent.
-
iis.error.geoip.country_iso_code
-
type: keyword
Country ISO code.
-
iis.error.geoip.location
-
type: geo_point
The longitude and latitude.
-
iis.error.geoip.region_name
-
type: keyword
The region name.
-
iis.error.geoip.city_name
-
type: keyword
The city name.
-
iis.error.geoip.region_iso_code
-
type: keyword
Region ISO code.