Edit

Share via

Queries for the W3CIISLog table

  • Article

For information on using these queries in the Azure portal, see Log Analytics tutorial. For the REST API, see Query.

List IIS log entries

Last 50 IIS log entries.

W3CIISLog
| top 50 by TimeGenerated desc

Display breakdown respond codes

Display breakdown respond codes.

W3CIISLog 
| summarize count() by scStatus

Maximum time taken for each page

Find maximum time taken for each page.

W3CIISLog 
| summarize max(TimeTaken) by csUriStem

Show 404 pages list

Show 404 pages list.

W3CIISLog 
| where scStatus == 404
| summarize count() by csUriStem
| sort by count_ desc

Average HTTP request time

Average HTTP request time for HTTP method.

W3CIISLog 
| summarize avg(TimeTaken) by csMethod

Servers with internal server error

Show servers throwing internal server error.

W3CIISLog
| where scStatus == "500"  
| summarize count() by sComputerName

Count IIS log entries by HTTP request method

Count IIS log entries by HTTP request method.

W3CIISLog 
| summarize count() by csMethod

Count IIS log entries by HTTP user agent

Count IIS log entries by HTTP user agent.

W3CIISLog 
| summarize count() by csUserAgent

Count IIS log entries by client IP address

Count IIS log entries by client IP address.

W3CIISLog 
| summarize count() by cIP

IIS log entries for client IP

IIS log entries for a client IP.

W3CIISLog 
| where cIP == "192.168.0.1" // Enter Client IP here
| project csUriStem, scBytes, csBytes, TimeTaken, scStatus, TimeGenerated
| top 100 by TimeGenerated desc

Count of IIS log entries by URL

Count of IIS log entries by URL requested by client.

W3CIISLog 
| summarize count() by csUriStem

Count of IIS log entries by host

Count of IIS log entries by host requested by client.

W3CIISLog 
| summarize count() by csHost

Total bytes traffic by client IP

Total bytes sent and received by client IP address.

W3CIISLog 
| summarize BytesSent = sum(csBytes), BytesReceived = sum(scBytes) by cIP

Bytes received by each IIS computer

Total bytes received by each IIS computer.

W3CIISLog 
| summarize sum_csBytes = sum(csBytes) by Computer 
| top 500 by sum_csBytes desc

Bytes responded to clients by each IIS server IP

Total bytes responded to clients by each IIS server IP address.

W3CIISLog 
| summarize sum(scBytes) by sIP

Average HTTP request time by client IP

Average HTTP request time by client IP address.

W3CIISLog 
| summarize avg(TimeTaken) by cIP