TimberWinR/TimberWinR.ServiceHost/sampleconf.xml

<?xml version="1.0" encoding="utf-8"?>
<TimberWinR>
  <Inputs>
    <WindowsEvents>
      <Event source="System,Application" binaryFormat="PRINT" />
    </WindowsEvents>
    <Logs>
      <Log name="Syslogs" location="C:\Logs1\*.log" />     
    </Logs>
    <IISW3CLogs>
      <IISW3CLog name="Default site" location="c:\inetpub\logs\LogFiles\W3SVC1\*" />
    </IISW3CLogs>
  </Inputs>

  <Filters>
    <Grok>
      <!--Single Tag-->
      <Match field="Text" value="%{SYSLOGLINE}" />               
    </Grok>
    <Date field="timestamp" target="@timestamp" convertToUTC="true">
      <Pattern>MMM  d HH:mm:ss</Pattern>
      <Pattern>MMM dd HH:mm:ss</Pattern>
      <Pattern>ISO8601</Pattern>
    </Date>
  </Filters>  
</TimberWinR>