ssippe/AWS Cloudwatch Log Insights Parse IIS.txt

## AWS Cloudwatch Log Insights Parse IIS.txt

parse @message "* * * * * * * * * * * * * * *" as
date, time, s_ip, cs_method, cs_uri_stem, cs_uri_query, s_port, cs_username, c_ip, cs_User_Agent, cs_Referer, sc_status, sc_substatus, sc_win32_status, time_taken
| display @timestamp,cs_method,  cs_uri_stem, time_taken
| filter time_taken > 1000
| sort @timestamp desc
| limit 20

	parse @message "* * * * * * * * * * * * * * *" as
	date, time, s_ip, cs_method, cs_uri_stem, cs_uri_query, s_port, cs_username, c_ip, cs_User_Agent, cs_Referer, sc_status, sc_substatus, sc_win32_status, time_taken
	\| display @timestamp,cs_method, cs_uri_stem, time_taken
	\| filter time_taken > 1000
	\| sort @timestamp desc
	\| limit 20