« IBM MQ integration Imperva »
Elastic Docs Elastic integrations

IIS (Internet Information Services) integration

edit

IIS (Internet Information Services) integration

edit

Version

1.20.0 (View all)

Compatible Kibana version(s)

8.13.0 or higher

Supported Serverless project types
What’s this?

Security
Observability

Subscription level
What’s this?

Basic

Level of support
What’s this?

Elastic

The IIS (Internet Information Services) integration allows you to monitor your IIS Web servers. IIS is a secure, reliable, and scalable Web server that provides an easy to manage platform for developing and hosting Web applications and services.

Use the IIS integration to collect data. Then visualize that data in Kibana, create alerts to notify you if something goes wrong, and reference metrics and logs when troubleshooting an issue.

For example, you could:

  • Use IIS System/Process counters like the overall server and CPU usage for the IIS Worker Process and memory to understand how much memory is currently being used and how much is available.
  • Use IIS performance counters like Web Service: Bytes Received/Sec and Web Service: Bytes Sent/Sec to track to identify potential spikes in traffic.
  • Use IIS Web Service Cache counters to monitor user mode cache and output cache.

Data streams

edit

The IIS integration collects two types of data streams: logs and metrics.

Logs help you keep a record of events happening on your IIS Web servers. Log data streams collected by the IIS integration include access and error. Find more details in Logs.

Metrics give you insight into the state of your IIS Web servers. Metric data streams collected by the IIS integration include webserver, website, and application_pool. Find more details in Metrics.

Requirements

edit

You need Elasticsearch for storing and searching your data and Kibana for visualizing and managing it. You can use our hosted Elasticsearch Service on Elastic Cloud, which is recommended, or self-manage the Elastic Stack on your hardware.

Setup

edit

For step-by-step instructions on how to set up an integration, see the Getting started guide.

For more information on configuring IIS logging, refer to the Microsoft documentation.

Logs

edit

Compatibility

edit

The IIS module has been tested with logs from version 7.5, 8 and version 10.

access

edit

This data stream will collect and parse access IIS logs. The supported log format is W3C. The W3C log format is customizable with different fields.

The IIS ships logs with few fields by default and if the user is interested in customizing the selection, the IIS Manager provides ability to add new fields for logging.

IIS integration automatically ships certain field combinations into Elasticsearch using ingest pipelines. Please ensure that the IIS log format configuration matches one of the formats below:

Default Logging
edit
- Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
Custom Logging
edit
- Fields: date time s-sitename cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(cookie) cs(Referer) cs-host sc-status sc-substatus sc-win32-status time-taken

- Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs-version cs(User-Agent) cs(cookie) cs(Referer) sc-status sc-substatus sc-win32-status sc-bytes, cs-bytes time-taken

- Fields: date time s-sitename s-computername s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs-version cs(User-Agent) cs(cookie) cs(Referer) cs-host sc-status sc-substatus sc-win32-status sc-bytes, cs-bytes time-taken

- Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken

- Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status sc-bytes, cs-bytes time-taken

- Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(cookie) cs(Referer) sc-status sc-substatus sc-win32-status sc-bytes, cs-bytes time-taken

- Fields: date time s-computername s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status sc-bytes, cs-bytes time-taken

X-Forwarded-For is an optional field which can be added with the above log formats.

If the provided log format doesn’t match with any of the above formats, then create a custom ingest pipeline processor in Kibana to process the logs.

Example

An example event for access looks as following:

{
    "@timestamp": "2018-11-19T15:24:54.000Z",
    "agent": {
        "ephemeral_id": "3f65b650-b6a3-4694-83b3-0c324a60809d",
        "id": "db17f9fb-5bcb-4116-a009-79a1bb7d4820",
        "name": "DESKTOP-RFOOE09",
        "type": "filebeat",
        "version": "8.0.0"
    },
    "destination": {
        "address": "127.0.0.1",
        "ip": "127.0.0.1",
        "port": 80
    },
    "ecs": {
        "version": "8.11.0"
    },
    "event": {
        "category": [
            "web",
            "network"
        ],
        "created": "2020-07-08T11:40:14.112Z",
        "duration": 725000000,
        "kind": "event",
        "outcome": "failure",
        "type": [
            "connection"
        ]
    },
    "http": {
        "request": {
            "method": "GET"
        },
        "response": {
            "status_code": 401
        }
    },
    "iis": {
        "access": {
            "sub_status": 3,
            "win32_status": 5
        }
    },
    "related": {
        "ip": [
            "127.0.0.1",
            "127.0.0.1"
        ]
    },
    "source": {
        "address": "127.0.0.1",
        "ip": "127.0.0.1"
    },
    "temp": {},
    "url": {
        "path": "/"
    },
    "user_agent": {
        "device": {
            "name": "Other"
        },
        "name": "Chrome",
        "original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36",
        "os": {
            "full": "Windows 10",
            "name": "Windows",
            "version": "10"
        },
        "version": "70.0.3538.102"
    }
}

The fields reported are:

ECS Field Reference

Please refer to the following document for detailed information on ECS fields.

Exported fields
Field Description Type

@timestamp

Event timestamp.

date

cloud.image.id

Image ID for the cloud instance.

keyword

data_stream.dataset

Data stream dataset.

constant_keyword

data_stream.namespace

Data stream namespace.

constant_keyword

data_stream.type

Data stream type.

constant_keyword

event.dataset

Event dataset

constant_keyword

event.module

Event module

constant_keyword

host.containerized

If the host is a container.

boolean

host.os.build

OS build information.

keyword

host.os.codename

OS codename, if any.

keyword

iis.access.cookie

The content of the cookie sent or received, if any.

keyword

iis.access.server_name

The name of the server on which the log file entry was generated.

keyword

iis.access.site_name

The site name and instance number.

keyword

iis.access.sub_status

The HTTP substatus code.

long

iis.access.win32_status

The Windows status code.

long

error

edit

This data stream will collect and parse error IIS logs.

Example

An example event for error looks as following:

{
    "@timestamp": "2020-06-30T13:56:46.000Z",
    "agent": {
        "ephemeral_id": "3f65b650-b6a3-4694-83b3-0c324a60809d",
        "id": "db17f9fb-5bcb-4116-a009-79a1bb7d4820",
        "name": "DESKTOP-RFOOE09",
        "type": "filebeat",
        "version": "8.0.0"
    },
    "destination": {
        "address": "::1%0",
        "ip": "::1",
        "port": 80
    },
    "ecs": {
        "version": "8.11.0"
    },
    "event": {
        "category": [
            "web",
            "network"
        ],
        "created": "2020-07-08T11:40:13.768Z",
        "kind": "event",
        "type": [
            "connection"
        ]
    },
    "iis": {
        "error": {
            "reason_phrase": "Timer_ConnectionIdle"
        }
    },
    "related": {
        "ip": [
            "::1",
            "::1"
        ]
    },
    "source": {
        "address": "::1%0",
        "ip": "::1",
        "port": 59827
    }
}

The fields reported are:

ECS Field Reference

Please refer to the following document for detailed information on ECS fields.

Exported fields
Field Description Type

@timestamp

Event timestamp.

date

cloud.image.id

Image ID for the cloud instance.

keyword

data_stream.dataset

Data stream dataset.

constant_keyword

data_stream.namespace

Data stream namespace.

constant_keyword

data_stream.type

Data stream type.

constant_keyword

event.dataset

Event dataset

constant_keyword

event.module

Event module

constant_keyword

host.containerized

If the host is a container.

boolean

host.os.build

OS build information.

keyword

host.os.codename

OS codename, if any.

keyword

iis.error.queue_name

The IIS application pool name.

keyword

iis.error.reason_phrase

The HTTP reason phrase.

keyword

Metrics

edit

webserver

edit

The webserver data stream allows users to retrieve aggregated metrics for the entire web server.

Example

An example event for webserver looks as following:

{
    "@timestamp": "2020-07-08T11:42:12.102Z",
    "agent": {
        "ephemeral_id": "8ade3582-e6ab-4664-ba27-52b3d46953e3",
        "id": "3b73ebb6-c6ea-4354-b1f3-240ac1aa072c",
        "name": "DESKTOP-RFOOE09",
        "type": "metricbeat",
        "version": "8.0.0"
    },
    "ecs": {
        "version": "8.11.0"
    },
    "event": {
        "dataset": "iis.webserver",
        "duration": 1205854900,
        "module": "iis"
    },
    "iis": {
        "webserver": {
            "asp_net": {
                "application_restarts": 0,
                "request_wait_time": 0
            },
            "asp_net_application": {
                "pipeline_instance_count": 2,
                "requests_executing": 0,
                "requests_in_application_queue": 0
            },
            "cache": {
                "current_file_cache_memory_usage": 696,
                "current_files_cached": 2,
                "current_uris_cached": 1,
                "file_cache_hits": 18,
                "file_cache_misses": 70,
                "maximum_file_cache_memory_usage": 99453,
                "output_cache_current_items": 0,
                "output_cache_current_memory_usage": 0,
                "output_cache_total_hits": 0,
                "output_cache_total_misses": 76,
                "total_files_cached": 15,
                "total_uris_cached": 10,
                "uri_cache_hits": 14,
                "uri_cache_misses": 62
            },
            "network": {
                "anonymous_users_per_sec": 0,
                "bytes_received_per_sec": 0,
                "bytes_sent_per_sec": 0,
                "current_anonymous_users": 0,
                "current_connections": 2,
                "current_non_anonymous_users": 0,
                "delete_requests_per_sec": 0,
                "get_requests_per_sec": 0,
                "maximum_connections": 6,
                "post_requests_per_sec": 0,
                "service_uptime": 1721919,
                "total_anonymous_users": 52,
                "total_bytes_received": 33151,
                "total_bytes_sent": 903338,
                "total_connection_attempts": 23,
                "total_delete_requests": 0,
                "total_get_requests": 52,
                "total_non_anonymous_users": 0,
                "total_post_requests": 0
            },
            "process": {
                "io_read_operations_per_sec": 5.7271735422265,
                "io_write_operations_per_sec": 5.7271735422265,
                "page_faults_per_sec": 1.0738450391674688,
                "private_bytes": 106692608,
                "virtual_bytes": 2222663852032,
                "worker_process_count": 2
            }
        }
    },
    "metricset": {
        "name": "webserver",
        "period": 10000
    },
    "service": {
        "type": "iis"
    }
}

The fields reported are:

ECS Field Reference

Please refer to the following document for detailed information on ECS fields.

Exported fields
Field Description Type Unit Metric Type

@timestamp

Event timestamp.

date

agent.id

keyword

cloud.account.id

The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.

keyword

cloud.availability_zone

Availability zone in which this host is running.

keyword

cloud.image.id

Image ID for the cloud instance.

keyword

cloud.instance.id

Instance ID of the host machine.

keyword

cloud.provider

Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.

keyword

cloud.region

Region in which this host is running.

keyword

container.id

Unique container id.

keyword

data_stream.dataset

Data stream dataset.

constant_keyword

data_stream.namespace

Data stream namespace.

constant_keyword

data_stream.type

Data stream type.

constant_keyword

event.dataset

Event dataset

constant_keyword

event.module

Event module

constant_keyword

host.containerized

If the host is a container.

boolean

host.name

Name of the host. It can contain what hostname returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.

keyword

host.os.build

OS build information.

keyword

host.os.codename

OS codename, if any.

keyword

iis.webserver.asp_net.application_restarts

Number of applications restarts.

float

gauge

iis.webserver.asp_net.request_wait_time

Request wait time.

long

iis.webserver.asp_net_application.errors_total_per_sec

Total number of errors per sec.

float

gauge

iis.webserver.asp_net_application.pipeline_instance_count

The pipeline instance count.

float

gauge

iis.webserver.asp_net_application.requests_executing

Number of requests executing.

float

gauge

iis.webserver.asp_net_application.requests_in_application_queue

Number of requests in the application queue.

float

iis.webserver.asp_net_application.requests_per_sec

Number of requests per sec.

float

gauge

iis.webserver.cache.current_file_cache_memory_usage

The current file cache memory usage size.

float

iis.webserver.cache.current_files_cached

The number of current files cached.

float

iis.webserver.cache.current_uris_cached

The number of current uris cached.

float

iis.webserver.cache.file_cache_hits

The number of file cache hits.

float

iis.webserver.cache.file_cache_misses

The number of file cache misses.

float

iis.webserver.cache.maximum_file_cache_memory_usage

The max file cache size.

float

iis.webserver.cache.output_cache_current_items

The number of output cache current items.

float

iis.webserver.cache.output_cache_current_memory_usage

The output cache memory usage size.

float

iis.webserver.cache.output_cache_total_hits

The output cache total hits count.

float

iis.webserver.cache.output_cache_total_misses

The output cache total misses count.

float

iis.webserver.cache.total_files_cached

the total number of files cached.

float

iis.webserver.cache.total_uris_cached

The total number of URIs cached.

float

iis.webserver.cache.uri_cache_hits

The number of URIs cached hits.

float

iis.webserver.cache.uri_cache_misses

The number of URIs cache misses.

float

iis.webserver.network.anonymous_users_per_sec

The number of anonymous users per sec.

float

gauge

iis.webserver.network.bytes_received_per_sec

The size of bytes received per sec.

float

byte

gauge

iis.webserver.network.bytes_sent_per_sec

The size of bytes sent per sec.

float

byte

gauge

iis.webserver.network.current_anonymous_users

The number of current anonymous users.

float

iis.webserver.network.current_connections

The number of current connections.

float

iis.webserver.network.current_non_anonymous_users

The number of current non anonymous users.

float

iis.webserver.network.delete_requests_per_sec

Number of DELETE requests per sec.

float

gauge

iis.webserver.network.get_requests_per_sec

Number of GET requests per sec.

float

gauge

iis.webserver.network.maximum_connections

Number of maximum connections.

float

counter

iis.webserver.network.post_requests_per_sec

Number of POST requests per sec.

float

gauge

iis.webserver.network.service_uptime

Service uptime.

float

iis.webserver.network.total_anonymous_users

Total number of anonymous users.

float

counter

iis.webserver.network.total_bytes_received

Total size of bytes received.

float

byte

counter

iis.webserver.network.total_bytes_sent

Total size of bytes sent.

float

byte

counter

iis.webserver.network.total_connection_attempts

The total number of connection attempts.

float

iis.webserver.network.total_delete_requests

The total number of DELETE requests.

float

counter

iis.webserver.network.total_get_requests

The total number of GET requests.

float

counter

iis.webserver.network.total_non_anonymous_users

The total number of non anonymous users.

float

counter

iis.webserver.network.total_post_requests

The total number of POST requests.

float

counter

iis.webserver.process.cpu_usage_perc

The CPU usage percentage.

float

gauge

iis.webserver.process.handle_count

The number of handles.

float

iis.webserver.process.io_read_operations_per_sec

IO read operations per sec.

float

gauge

iis.webserver.process.io_write_operations_per_sec

IO write operations per sec.

float

gauge

iis.webserver.process.page_faults_per_sec

Memory page faults.

float

gauge

iis.webserver.process.private_bytes

Memory private bytes.

float

byte

gauge

iis.webserver.process.thread_count

The number of threads.

long

iis.webserver.process.virtual_bytes

Memory virtual bytes.

float

byte

gauge

iis.webserver.process.worker_process_count

Number of worker processes running.

float

iis.webserver.process.working_set

Memory working set.

float

service.address

Address where data about this service was collected from. This should be a URI, network address (ipv4:port or [ipv6]:port) or a resource path (sockets).

keyword

website

edit

This data stream will collect metrics of specific sites, users can configure which websites they want to monitor, else, all are considered.

Example

An example event for website looks as following:

{
    "@timestamp": "2020-07-08T11:40:22.114Z",
    "agent": {
        "ephemeral_id": "8ade3582-e6ab-4664-ba27-52b3d46953e3",
        "id": "3b73ebb6-c6ea-4354-b1f3-240ac1aa072c",
        "name": "DESKTOP-RFOOE09",
        "type": "metricbeat",
        "version": "8.0.0"
    },
    "ecs": {
        "version": "8.11.0"
    },
    "event": {
        "dataset": "iis.website",
        "duration": 5008200,
        "module": "iis"
    },
    "iis": {
        "website": {
            "name": "test2.local",
            "network": {
                "current_connections": 0,
                "maximum_connections": 4,
                "service_uptime": 1721807,
                "total_bytes_received": 4250,
                "total_bytes_sent": 135739,
                "total_connection_attempts": 7,
                "total_delete_requests": 0,
                "total_get_requests": 11,
                "total_post_requests": 0,
                "total_put_requests": 0
            }
        }
    },
    "metricset": {
        "name": "website",
        "period": 10000
    },
    "service": {
        "type": "iis"
    }
}

The fields reported are:

ECS Field Reference

Please refer to the following document for detailed information on ECS fields.

Exported fields
Field Description Type Unit Metric Type

@timestamp

Event timestamp.

date

agent.id

keyword

cloud.account.id

The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.

keyword

cloud.availability_zone

Availability zone in which this host is running.

keyword

cloud.image.id

Image ID for the cloud instance.

keyword

cloud.instance.id

Instance ID of the host machine.

keyword

cloud.provider

Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.

keyword

cloud.region

Region in which this host is running.

keyword

container.id

Unique container id.

keyword

data_stream.dataset

Data stream dataset.

constant_keyword

data_stream.namespace

Data stream namespace.

constant_keyword

data_stream.type

Data stream type.

constant_keyword

event.dataset

Event dataset

constant_keyword

event.module

Event module

constant_keyword

host.containerized

If the host is a container.

boolean

host.name

Name of the host. It can contain what hostname returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.

keyword

host.os.build

OS build information.

keyword

host.os.codename

OS codename, if any.

keyword

iis.website.name

website name

keyword

iis.website.network.bytes_received_per_sec

The bytes received per sec size.

float

byte

gauge

iis.website.network.bytes_sent_per_sec

The bytes sent per sec size.

float

byte

gauge

iis.website.network.current_connections

The number of current connections.

float

iis.website.network.delete_requests_per_sec

The number of DELETE requests per sec.

float

gauge

iis.website.network.get_requests_per_sec

The number of GET requests per sec.

float

gauge

iis.website.network.maximum_connections

The number of maximum connections.

float

iis.website.network.post_requests_per_sec

The number of POST requests per sec.

float

gauge

iis.website.network.put_requests_per_sec

The number of PUT requests per sec.

float

gauge

iis.website.network.service_uptime

The service uptime.

float

iis.website.network.total_bytes_received

The total number of bytes received.

float

byte

counter

iis.website.network.total_bytes_sent

The total number of bytes sent.

float

byte

counter

iis.website.network.total_connection_attempts

The total number of connection attempts.

float

counter

iis.website.network.total_delete_requests

The total number of DELETE requests.

float

counter

iis.website.network.total_get_requests

The total number of GET requests.

float

counter

iis.website.network.total_post_requests

The total number of POST requests.

float

counter

iis.website.network.total_put_requests

The total number of PUT requests.

float

counter

service.address

Address where data about this service was collected from. This should be a URI, network address (ipv4:port or [ipv6]:port) or a resource path (sockets).

keyword

application_pool

edit

This data stream will collect metrics of specific application pools, users can configure which websites they want to monitor, else, all are considered.

Example

An example event for application_pool looks as following:

{
    "@timestamp": "2020-07-08T11:41:31.048Z",
    "agent": {
        "ephemeral_id": "8ade3582-e6ab-4664-ba27-52b3d46953e3",
        "id": "3b73ebb6-c6ea-4354-b1f3-240ac1aa072c",
        "name": "DESKTOP-RFOOE09",
        "type": "metricbeat",
        "version": "8.0.0"
    },
    "ecs": {
        "version": "8.11.0"
    },
    "event": {
        "dataset": "iis.application_pool",
        "duration": 397142600,
        "module": "iis"
    },
    "iis": {
        "application_pool": {
            "name": "DefaultAppPool",
            "net_clr": {
                "total_exceptions_thrown": 0
            },
            "process": {
                "handle_count": 466,
                "private_bytes": 71516160,
                "thread_count": 30
            }
        }
    },
    "metricset": {
        "name": "application_pool",
        "period": 10000
    },
    "service": {
        "type": "iis"
    }
}

The fields reported are:

ECS Field Reference

Please refer to the following document for detailed information on ECS fields.

Exported fields
Field Description Type Unit Metric Type

@timestamp

Event timestamp.

date

agent.id

keyword

cloud.account.id

The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.

keyword

cloud.availability_zone

Availability zone in which this host is running.

keyword

cloud.image.id

Image ID for the cloud instance.

keyword

cloud.instance.id

Instance ID of the host machine.

keyword

cloud.provider

Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.

keyword

cloud.region

Region in which this host is running.

keyword

container.id

Unique container id.

keyword

data_stream.dataset

Data stream dataset.

constant_keyword

data_stream.namespace

Data stream namespace.

constant_keyword

data_stream.type

Data stream type.

constant_keyword

event.dataset

Event dataset

constant_keyword

event.module

Event module

constant_keyword

host.containerized

If the host is a container.

boolean

host.name

Name of the host. It can contain what hostname returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.

keyword

host.os.build

OS build information.

keyword

host.os.codename

OS codename, if any.

keyword

iis.application_pool.name

application pool name

keyword

iis.application_pool.net_clr.filters_per_sec

Number of filters per sec.

float

gauge

iis.application_pool.net_clr.finallys_per_sec

The number of finallys per sec.

float

gauge

iis.application_pool.net_clr.throw_to_catch_depth_per_sec

Throw to catch depth count per sec.

float

gauge

iis.application_pool.net_clr.total_exceptions_thrown

Total number of exceptions thrown.

long

counter

iis.application_pool.process.cpu_usage_perc

The CPU usage percentage.

float

s

gauge

iis.application_pool.process.handle_count

The number of handles.

long

iis.application_pool.process.io_read_operations_per_sec

IO read operations per sec.

float

gauge

iis.application_pool.process.io_write_operations_per_sec

IO write operations per sec.

float

gauge

iis.application_pool.process.page_faults_per_sec

Memory page faults.

float

gauge

iis.application_pool.process.private_bytes

Memory private bytes.

float

byte

gauge

iis.application_pool.process.thread_count

The number of threads.

long

counter

iis.application_pool.process.virtual_bytes

Memory virtual bytes.

float

byte

gauge

iis.application_pool.process.working_set

Memory working set.

float

service.address

Address where data about this service was collected from. This should be a URI, network address (ipv4:port or [ipv6]:port) or a resource path (sockets).

keyword

Changelog

edit
Changelog
Version Details Kibana version(s)

1.20.0

Enhancement (View pull request)
ECS version updated to 8.11.0. Update the kibana constraint to ^8.13.0. Modified the field definitions to remove ECS fields made redundant by the ecs@mappings component template.

8.13.0 or higher

1.19.0

Enhancement (View pull request)
Add processors capability to IIS Metrics.

8.8.0 or higher

1.18.0

Enhancement (View pull request)
Add global filter on data_stream.dataset to improve performance.

8.8.0 or higher

1.17.4

Enhancement (View pull request)
Inline "by reference" visualizations

8.8.0 or higher

1.17.3

Enhancement (View pull request)
Update documentation for custom log format processing.

8.8.0 or higher

1.17.2

Bug fix (View pull request)
Fix network.forwarded_ip datatype to IP

8.8.0 or higher

1.17.1

Enhancement (View pull request)
Update README to use documentation guidelines

8.8.0 or higher

1.17.0

Enhancement (View pull request)
Add regex for Exchange logs

8.8.0 or higher

1.16.0

Enhancement (View pull request)
Update the package format_version to 3.0.0.

8.8.0 or higher

1.15.1

Bug fix (View pull request)
Add null check and ignore_missing check to the rename processor

8.8.0 or higher

1.15.0

Enhancement (View pull request)
Add ability to set condition for logs and metrics.

8.8.0 or higher

1.14.0

Enhancement (View pull request)
Update document with supported ingest patterns for access_log

8.8.0 or higher

1.13.0

Enhancement (View pull request)
Enable time series data streams for the metrics datasets. This dramatically reduces storage for metrics and is expected to progressively improve query performance. For more details, see https://www.elastic.co/guide/en/elasticsearch/reference/current/tsds.html.

8.8.0 or higher

1.12.3

Bug fix (View pull request)
Update aggregator function for a few fields having metric_type counter.

8.5.0 or higher

1.12.2

Enhancement (View pull request)
Add dimension field mapping for website datastream to support tsdb.

8.5.0 or higher

1.12.1

Enhancement (View pull request)
Add dimension field mapping for webserver datastream to support tsdb.

8.5.0 or higher

1.12.0

Enhancement (View pull request)
Add dimension field mapping for application_pool datastream to support tsdb.

8.5.0 or higher

1.11.0

Enhancement (View pull request)
Rename ownership from obs-service-integrations to obs-infraobs-integrations

8.5.0 or higher

1.10.0

Enhancement (View pull request)
Migrate Application Pool Overview dashboard visualizations to lens.

8.5.0 or higher

1.9.0

Enhancement (View pull request)
Migrate Webserver Overview dashboard visualizations to lens.

1.8.0

Enhancement (View pull request)
Migrate Website Overview dashboard visualizations to lens.

1.7.0

Enhancement (View pull request)
Migrate Webserver Process Overview dashboard visualizations to lens.

1.6.0

Enhancement (View pull request)
Migrate Access and error logs dashboard visualizations to lens.

1.5.1

Enhancement (View pull request)
Added categories and/or subcategories.

8.3.0 or higher

1.5.0

Enhancement (View pull request)
Remove deprecated controls and added new control panel

8.3.0 or higher

1.4.1

Bug fix (View pull request)
Accept multiple application pool names

8.0.0 or higher

1.4.0

Enhancement (View pull request)
Updated ECS version to 8.5.1

8.0.0 or higher

1.3.0

Enhancement (View pull request)
Added infrastructure category.

8.0.0 or higher

1.2.1

Bug fix (View pull request)
Updated the ingest pipeline to process the event.duration value.

8.0.0 or higher

1.2.0

Enhancement (View pull request)
Updated the condition check for ignore_older flag.

8.0.0 or higher

1.1.0

Enhancement (View pull request)
Add Ignore older than flag for logs stream

8.0.0 or higher

1.0.0

Enhancement (View pull request)
Make IIS GA

8.0.0 or higher

0.11.0

Enhancement (View pull request)
Update the ingest pipeline for given log format

0.10.1

Enhancement (View pull request)
Add link in readme to IIS documentation

0.10.0

Enhancement (View pull request)
Supporting a log format for IIS 10

0.9.0

Enhancement (View pull request)
Migrating the tile_map to map object in dashboard

0.8.5

Bug fix (View pull request)
Parsing of IIS access logs with IPV6 addressing

0.8.4

Enhancement (View pull request)
Add documentation for multi-fields

0.8.3

Bug fix (View pull request)
Fix event.* field mappings

0.8.2

Bug fix (View pull request)
Regenerate test files using the new GeoIP database

0.8.1

Bug fix (View pull request)
Change test public IPs to the supported subset

0.8.0

Enhancement (View pull request)
Support Kibana 8.0

0.7.2

Enhancement (View pull request)
Uniform with guidelines

0.7.1

Bug fix (View pull request)
Fix logic that checks for the forwarded tag

0.7.0

Enhancement (View pull request)
Update to ECS 1.12.0

0.6.2

Enhancement (View pull request)
Convert to generated ECS fields

0.6.1

Enhancement (View pull request)
update to ECS 1.11.0

0.6.0

Enhancement (View pull request)
Update integration description

0.5.0

Enhancement (View pull request)
Set "event.module" and "event.dataset"

0.4.0

Enhancement (View pull request)
update to ECS 1.10.0 and add event.original options

0.3.2

Enhancement (View pull request)
update to ECS 1.9.0

0.3.1

Bug fix (View pull request)
Correct sample event file.

0.1.0

Enhancement (View pull request)
initial release

« IBM MQ integration Imperva »