From 9081b1af1dcfef03ee386ccbdd64daf6f9851720 Mon Sep 17 00:00:00 2001
From: bmcder <33434002+bmcder@users.noreply.github.com>
Date: Thu, 19 Apr 2018 08:42:16 +0000
Subject: [PATCH] Create ParsingAnIISSMTPLog

If you are using the custom logs feature to parse a space separated log file, such as the IIS SMTP log file, you can spearate out the different fields using the Parse command in this example. It can easily be adapted to other logs, with other separators.
---
Log Analytics/ParsingAnIISSMTPLog | 2 ++
1 file changed, 2 insertions(+)
create mode 100644 Log Analytics/ParsingAnIISSMTPLog
diff --git a/Log Analytics/ParsingAnIISSMTPLog b/Log Analytics/ParsingAnIISSMTPLog
new file mode 100644
index 0000000..e1a39e6
--- /dev/null
+++ b/Log Analytics/ParsingAnIISSMTPLog
@@ -0,0 +1,2 @@
+SMTPLogs_CL
+| parse RawData with Date " " Time " " CIP " " CSUserName " " SSiteName " " SComputerName " " SIP " " SPort " " CSMethod " " CSUriStem " " csuriquery " " scstatus " " scwin32status " " scbytes " " csbytes " " timetaken " " csversion " " cshost " " csUserAgent " " csCookie " " csReferer
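Review bot: The `parse` line is applied to every `SMTPLogs_CL` row, so if the custom log also ingests the W3C directive lines that IIS writes at the top of each file (`#Software`, `#Version`, `#Date`, `#Fields`), those rows will not match the pattern and will come back with empty columns; adding `| where RawData !startswith "#"` before the `parse` would keep them out of the results. The column order is hard-coded to one particular field selection and nothing in the file says so, which means a server logging a different set of fields would silently put values in the wrong columns; a leading comment such as `// Column order must match the #Fields directive of the SMTP log being collected` would make that assumption visible. Every extracted column is a string as written, so typing the numeric ones in the pattern (for example `scstatus:int`, `scbytes:long`, `timetaken:long`) would let status and size filters in detection queries work without casts. The column names also mix casing styles (`CSUserName` next to `csuriquery`), which is worth normalising before other queries start depending on them.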