armin1961
Nov 26, 2019

How to query W3CIISLog

Hello

I'm totally lost with querying IIS HTTP logs in Azure Monitor.

It just returns NO RESULTS FOUND.
What am I doing wrong? Are there any configuration steps that I've missed?

Thank you for your assistance.

 

 

  • armin1961, I am assuming you enabled IIS Logs collection in the Log Analytics workspace (Advanced Settings > Data > IIS Logs).

    1. Have you checked if the Log Analytics agent is running healthy in the target machine? Is it sending heartbeats? Run this query to know if your machine has been heartbeating:

    Heartbeat
    | summarize arg_max(TimeGenerated, *) by Computer

    2. Have you enabled logging in the IIS Web Sites you want to monitor? See https://support.microsoft.com/en-us/help/313437/how-to-enable-logging-in-internet-information-services-iis

    3. Are the Web Sites getting requests and are they being logged in the file system?

    • armin1961

      hspinto 

      Many thanks for your quick response.

      Going piece-by-piece:

       

      ...enabled IIS Logs collection in the Log Analytics workspace (Advanced Settings > Data > IIS Logs).

      Yes, I have set up a Workspace and checked: Data > IISLogs > "Collect W3C format IIS log files".

       

      The query...  

      Heartbeat
      | summarize arg_max(TimeGenerated, *) by Computer

      ... returns NO RESULTS FOUND.

       

      Have you enabled logging in the IIS Web Sites...

      I've enabled IIS logging by setting:

      App Service
      Monitoring > App Service logs: Web server logging - File System

      (pls. see the pic below)

       

      Yes, the site gets hits.

      https://exitadviser.com

       

      thank you for your assistance,

      Armin

       

       

       

       

      • armin1961

        P.S.

        I've also set "Diagnostic settings" to send the stuff to Log Analytics:

         
