#### ## New Relic Logs - Basic Windows Event + IIS config v1.5 ## Built in FluentD v1.7.4 ## by AI of NR 2/4/2020 ## ## Don't forget to add your NR license key to the statement at the bottom of this file. ## ## Windows Event Log Input @type windows_eventlog @id windows_eventlog tag winevt.raw channels application,system,security @type local persistent true path c:/opt/td-agent/winevt.pos # # Windows IIS log parsing. This config uses the standard W3C format and the standard location for IIS logs. # It expects the log timestamp to be UTC. # Change the path below if you store your logs elsewhere. # @type tail tag iislog.raw path c:/inetpub/logs/logfiles/*/* pos_file c:/opt/td-agent/iislog.pos @type regexp expression /(?\d{4}-\d{2}-\d{2} [\d:]+) (?.+)/ time_format %Y-%m-%d %H:%M:%S utc true @type parser key_name message remove_key_name_field false reserve_data true reserve_time true @type csv delimiter ' ' keys hostname,req_method,req_uri,cs-uri-query,s_port,cs-username,c_ip,req_ua,req_referer,http_code,sc-substatus,sc-win32-status,time-taken null_value_pattern - null_empty_string true # # For a slightly nicer experience, add Service Name (s-sitename) to your log output, comment out the filter above and use this one instead. # # # @type parser # key_name message # remove_key_name_field false # reserve_data true # reserve_time true # # @type csv # delimiter ' ' # keys service_name,hostname,req_method,req_uri,cs-uri-query,s_port,cs-username,c_ip,req_ua,req_referer,http_code,sc-substatus,sc-win32-status,time-taken # null_value_pattern - # null_empty_string true # # @type record_transformer message ${record["description"]} hostname ${record["computer_name"]} # New Relic output @type newrelic api_key