Skip to main content
Sumo Logic

Install the IIS 10 App and view the Dashboards

This page demonstrates how to install the IIS 10 App, and provides examples of the predefined dashboards for instant access to a system errors, requests and response times, traffic insights, and visitor insights.

This page demonstrates how to install the IIS 10 App and provides examples and explanations for each of the app's predefined dashboards.

Install the Sumo Logic IIS 10 App 

Now that you have set up collection for IIS 10, you are ready to install the Sumo Logic App for IIS 10 that provides preconfigured searches and dashboards that monitor events generated by IIS 10.

To install the app, do the following:

Locate and install the app you need from the App Catalog. If you want to see a preview of the dashboards included with the app before installing, click Preview Dashboards.

  1. From the App Catalog, search for and select the app. 
  2. To install the app, click Add to Library and complete the following fields.
    1. App Name. You can retain the existing name, or enter a name of your choice for the app.

    2. Data Source. Select either of these options for the data source.

      • Choose Source Category, and select a source category from the list.

      • Choose Enter a Custom Data Filter, and enter a custom source category beginning with an underscore. Example: (_sourceCategory=MyCategory).

    3. Advanced. Select the Location in Library (the default is the Personal folder in the library), or click New Folder to add a new folder.
    4. Click Add to Library.

Once an app is installed, it will appear in your Personal folder, or other folder that you specified. From here, you can share it with your organization. See Welcome to the New Library for information on working with the library in the new UI.

Panels will start to fill automatically. It's important to note that each panel slowly fills with data matching the time range query and received since the panel was created. Results won't immediately be available, but with a bit of time, you'll see full graphs and maps. 

Dashboard filters  

Each dashboard has a set of filters that you can apply to the entire dashboard, as shown in the following example. Click the funnel icon in the top dashboard menu bar to display a scrollable list of filters that are applied across the entire dashboard.

IIS10_Dashboard_Filter.png

Each panel has a set of filters that are applied to the results for that panel only, as shown in the following example. Click the funnel icon in the top panel menu bar to display a list of panel-specific filters.

IIS10_Panel_Filter.png

IIS 10 - Overview Dashboard

The IIS 10 - Overview Dashboard provides a high-level view of the performance and integrity of your Microsoft Internet Information Services (IIS) infrastructure. Dashboard panels display visual graphs and detailed information on IIS versions, platforms, and log formats. Panels also show visitor geographic locations, top app requests. OS platforms, response status, response times, and client and server errors.

Use this dashboard to:

  • Use this dashboard to get a high-level overview of sites, requests, client location, client platforms, error and threats identified.
  • Drill Down to specific use cases by clicking on specific panels of interest.

IIS10_Overview.png

IIS 10 - HTTP Error Dashboard

The IIS 10 - HTTP Error Dashboard provides detailed information on IIS error logging in HTTP. Dashboard panels show details on error events, top client and server IP addresses, top protocol versions and protocol status. Panels also show information on top reason phrases and verbs associated with HTTP errors, as well as top request details by reason.

Use this dashboard to:

  • Monitor errors logged by HTTP.SYS. The client request may be rejected by HTTP.SYS before it made it to an IIS worker process. In such cases the error is logged in the HTTPERR logs.
  • Identify the reason for failure. Check if the request violated the HTTP protocol, or if there was a WAS/the application pool failure.
  • Correct the error identified to ensure a consistent and satisfactory user experience.

IIS10_HTTPERR.png

IIS 10 - Performance Snapshot Dashboard

The IIS 10 - Performance Snapshot Dashboard provides detailed information on your IIS infrastructure integrity and performance. Dashboard panels show details on Web Service uptime, active connections, requests, user activity, and total bytes transferred. Panels also provide HTTP Service Request Queues details, such as arrivals, queue size, cache hit rate, and rejection rate.

Use this dashboard to:

  •  Monitor incoming request traffic, along with queue size and rejection rate to identify any bottlenecks.
  • Monitor cache hit rates to check how requests are being served. Typically static content has high cache hit rates.
  •  Monitor current active connections to track sudden rises in connections. A sudden rise results in increased resource requirements. A sudden rise may also indicate security attack.
  • Monitor the load on your site by looking into the rate of all the requests and rates based on specific types of HTTP methods, to anticipate resource needs and allocate them accordingly.
  • Monitor Bytes/Files transferred, to check if there is a need to make page content more lightweight, or track the most typically transferred high data content. This can also be an indicator of a potential spike in traffic.  

IIS10_Performance.png

IIS 10 - Performance Trends Dashboard

The IIS 10 - Performance Trends Dashboard provides details on ISS infrastructure trends for requests, active connections, bytes received and sent, files received and sent, queue size, arrival rate, and cache hit rate.

Use this dashboard to:

  • Monitor trends of various metrics to keep track of how requests are served over time and anticipate potential performance bottlenecks.
  • Acquire current performance snapshots of IIS servers. You can drill down to the Performance Snapshot by clicking the Requests Per Sec (All methods) panel.

IIS10_Performance_Trends.png

IIS 10 - Threat Analysis Dashboard

The IIS 10 - Threat Analysis Dashboard provides high-level views of threats throughout your IIS network. Dashboard panels display visual graphs and detailed information on Threats by Client IP, Threats by Referrer, and Threats by URL.

Use this dashboard to:

  • Identify potential threats and indicators of compromise.
  • Monitor if your site is access through:
    • bad Client IP 

    • referred by bad referrer 

    • your own webpage is page is tagged as malicious by CrowdStrike

IIS10_Threat_Analysis.png

IIS 10 - Server Operation - Errors Dashboard

The IIS 10 - Server Operation - Errors Dashboard provides visual graphs and detailed information on server operation errors in your IIS infrastructure. Dashboard panels show server errors by server, server errors over time, server error outliers, and redirections by server. Panels also show client errors by server, client error outliers, top URLS with 404 errors, and response codes over time.

Use this dashboard to:

  • Monitor server errors (5xx), client errors (4xx) and redirections (3xx). Client errors indicate missing/error pages, user made some mistakes and needs clear direction to fix it. Server errors indicate some issues on the server end.
  • Analyze redirection codes. Redirection indicates the document requested has moved and server is redirecting to new location. An SEO expert will be interested in 302 redirection code.

IIS10_Server_Operation_Errors.png

IIS 10 - Server Operation - Requests and Response Time Dashboard

The IIS 10 - Server Operation - Requests and Response Time Dashboard provides visual graphs and detailed information for the integrity of performance throughout your IIS infrastructure. Dashboard panels show response time averages, cumulative percentiles, histograms, and outliers. Panels also show details for traffic distribution, slowest pages, slowest GET and POST requests, and average redirection time.

Use this dashboard to:

  • Monitor response time details of each request. An increase in response time is a major cause for user dissatisfaction with any website.
  • Diagnose the reason(s) for the deterioration in performance, in conjunction with the Performance dashboards.

IIS10_Server_Operation_Requests_and_Response_Time.png

IIS 10 - Server Operation - Requests Stats Dashboard

The IIS 10 - Server Operation - Requests Stats Dashboard provides visual graphs and statistics for requests made throughout your IIS infrastructure. Dashboard panels show the number of requests, request methods, request outliers, and requests by server. Panels also show details on GET, PUT, POST, and DELETE requests, as well as requests time compare and unique visitors outlier.

Use this dashboard to:

  • Monitor the load on your site for all requests, based on specific type of HTTP request and by server. This information allows you to efficiently allocate resources.
  • Identify outliers in requests.
  • Analyze request volume trends are against last 7 days to understand business fluctuations.
  • Identify how you are acquiring unique users with unique client outliers, and compare with positive and negative outliers.

IIS10_Server_Operation_Requests_Stats.png

IIS 10 - Traffic Insights - Apps and Requests Dashboard

The IIS 10 - Traffic Insights - Apps and Requests Dashboard provides high-level views and details on app requests throughout your IIS network. Dashboard panels show top app requests, app requests over time, top queries, and top referrers. Panels also show top user requests, user request percentiles, top clients, client request percentiles, and client IP stats.

Use this dashboard to:

  • Monitor applications configured on a site and the most popular applications used by clients.
  • Monitor Referrers of a site to know when to analyze marketing campaigns and advertising strategies.
  • Monitor the most active clients with details on total requests, unique pages visited, and HTTP codes.
  • Understand client activities and behavior to determine frequency of visits and number of pages visited, to plan strategies.

IIS10_Traffic_Insights_Apps_and_Requests.png

IIS 10 - Traffic Insights - Content and Client Platform Dashboard

The IIS 10 - Traffic Insights - Content and Client Platform Dashboard provides detailed information on the platforms available on your IIS network and its media traffic. Dashboard panels show details on operating systems, platform versions, as well as the browsers used on the various operating systems. Panels also show the top media types served, media types requested over time, and the top requested pages.

Use this dashboard to:

  • Monitor the location of data with IP addresses to personalize your site and pages personalized for any given location.
  • Monitor operating systems (OS), browsers, and bots information available in user agents to analyze marketing campaigns and customer engagement. It also helps you to prioritize where engineering, support, and documentation teams should concentrate their efforts.
  • Find out which pages and file types are the most popular for your web site clients.

IIS10_Traffic_Insights_Content_and_Client_Platform.png

IIS 10 - Visitor Insights Dashboard

The IIS 10 - Visitors Insights Dashboard provides at-a-glance details on visitors to your IIS network. Dashboard panels show the geographic distribution of worldwide visitors, United States visitors, visitor locations experiencing the highest number of errors, and the top visitors experiencing errors. Panels also show trends in visitors by country over time and trends in visitors by US region over time.

Use this dashboard to:

  • Monitor the client location of visitors ti your site. This helps you to determine if you are getting hits from unexpected locations that should be tracked for security.

  • Monitor which clients are experiencing HTTP Client Errors (4XX). 4xx are user errors and should clearly state what the nature of the error and how it can be avoided in the future.

IIS10_Visitor_Insights.png