IIS logs not making it from NXLog to Logstash

Elastic Stack Logstash
1

Hi, I have a windows server with NXLog installed and the below config which should be sending IIS logs from this server to our Logstash server (on a linux box). The Logstash config I'm using is also below. For whatever reason, I am not seeing any signs of the IIS logs making it into Logstash. However, the internal logs from nxlog do make it to the output file in logstash, and the event logs make it as well when turned on (not shown in my config below). I see no error messages in either NXLog or Logstash so I can't tell what is happening.

Can anyone point me in the right direction? Where can I look to figure out what's failing? Is there a common "gotcha" that I'm missing and need to fix? Any help would be greatly appreciated. I'm going on a couple days of troubleshooting and config tinkering with no sign of daylight.

NXLog Config:

## This is a sample configuration file. See the nxlog reference manual about the
## configuration options. It should be installed locally and is also available
## online at http://nxlog.org/nxlog-docs/en/nxlog-reference-manual.html
## Please set the ROOT to the folder your nxlog was installed into,
## otherwise it will not start.

define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

<Extension json>
    Module xm_json
</Extension> 
<Extension w3c>
    Module xm_csv
    Fields $date, $time, $s-sitename, $s-computername, $s-ip, $cs-method, $cs-uri-stem, $cs-uri-query, $s-port, $cs-username, $c-ip, $cs(User-Agent), $cs(Referer), $cs-host, $sc-status, $sc-substatus, $sc-win32-status, $time-taken
    FieldTypes string, string, string, string, string, string, string, string, string, string, string, string, string, string, string, string, string, string
    Delimiter ' '
</Extension>
<Input internal>
    Module im_internal
    Exec $EventReceivedTime = integer($EventReceivedTime) / 1000000; to_json();
</Input>
<Input iis>
    Module im_file
    File "L:\\IIS\\W3SVC1\\u_ex1512*"
    SavePos TRUE
	Exec if $raw_event =~ /^#/ drop();                   \
        else                                             \
        {                                                \
            w3c->parse_csv();                            \
            $EventTime = parsedate($date + " " + $time); \
            $Message = to_json();                        \
        }
</Input>
<Output out_iis>
    Module om_tcp
    Host <my.actual.host.here>
    Port 5015
    OutputType LineBased
</Output>
<Route 1>
    Path internal, iis => out_iis
</Route>

Here is my Logstash config:

input {
  tcp {
    host => "<my.actual.host.here>"
    port => "5015"
    codec => json_lines { charset => CP1252 }
    tags => [ "tcpjson","nxlog","tcp" ]
    type => iis_log
  }
}
filter {
  if [type] == "iis_log" {
    date {
      locale => "en"
      timezone => "Etc/GMT"
      match => [ "EventTime", "YYYY-MM-dd HH:mm:ss" ]
    }
  }
}
output {
  stdout { codec => rubydebug }
}

Thanks,
Jim