https://community.splunk.com/t5/Security/Web-browser-analytics-for-web-site/m-p/157257#M4708 <P>I am trying to do some analytics out of the apache log file for the breakdown on types of browsers accessing the site. I have found the following script and a reference to the "documentation" which says "click here for the latest version" which goes nowhere. </P> <P><A href="https://github.com/JustinAzoff/splunk-scripts/blob/master/ua2os.py">https://github.com/JustinAzoff/splunk-scripts/blob/master/ua2os.py</A></P> <P>Anyway I'm using Splunk 6.1.2 and wnat to know :<BR /> a. Is this type of script still valid from trying to generate dashboards and information as identified above<BR /> b. Is there any documentation that discusses how to do this for Splunk 6.x</P> <P>or</P> <P>c. Preferably a step by step guide on how to get such a script working?</P> <P>Thanks in advance.</P> Fri, 25 Jul 2014 01:46:14 GMT rickwylie 2014-07-25T01:46:14Z https://community.splunk.com/t5/Security/Web-browser-analytics-for-web-site/m-p/157257#M4708 <P>I am trying to do some analytics out of the apache log file for the breakdown on types of browsers accessing the site. I have found the following script and a reference to the "documentation" which says "click here for the latest version" which goes nowhere. </P> <P><A href="https://github.com/JustinAzoff/splunk-scripts/blob/master/ua2os.py">https://github.com/JustinAzoff/splunk-scripts/blob/master/ua2os.py</A></P> <P>Anyway I'm using Splunk 6.1.2 and wnat to know :<BR /> a. Is this type of script still valid from trying to generate dashboards and information as identified above<BR /> b. Is there any documentation that discusses how to do this for Splunk 6.x</P> <P>or</P> <P>c. Preferably a step by step guide on how to get such a script working?</P> <P>Thanks in advance.</P> Fri, 25 Jul 2014 01:46:14 GMT https://community.splunk.com/t5/Security/Web-browser-analytics-for-web-site/m-p/157257#M4708 rickwylie 2014-07-25T01:46:14Z https://community.splunk.com/t5/Security/Web-browser-analytics-for-web-site/m-p/157258#M4709 <P>Have you completed forwarder and indexer configurations and indexed your logs? Can you post some sample log events from your log file.</P> Fri, 25 Jul 2014 03:18:49 GMT https://community.splunk.com/t5/Security/Web-browser-analytics-for-web-site/m-p/157258#M4709 strive 2014-07-25T03:18:49Z https://community.splunk.com/t5/Security/Web-browser-analytics-for-web-site/m-p/157259#M4710 <P>Here is what you need to do:</P> <OL> <LI><P>Get the apache logs into Splunk. As @strive mentioned, indexing the data is the first step. The apache "combined format" works well with Splunk and should have the sourcetype=access_combined.</P></LI> <LI><P>Download the free Splunk technology add-in/app <A href="http://apps.splunk.com/app/1007/">TA-uas_parser</A>. This app understands how to parse the user agent string to extract detailed info about the browser that connected.</P></LI> </OL> <P>Forget the script. </P> Fri, 25 Jul 2014 15:20:09 GMT https://community.splunk.com/t5/Security/Web-browser-analytics-for-web-site/m-p/157259#M4710 lguinn2 2014-07-25T15:20:09Z https://community.splunk.com/t5/Security/Web-browser-analytics-for-web-site/m-p/157260#M4711 <P>Hi There thanks for the responses. Yes, All my data is coming in from my forwarders and being indexed. (OSX Server running apache2.</P> <P>See sample below.</P> <P>mgovlab.codinet.ae 192.168.59.26 - - [24/Jul/2014:07:23:03 +0400] "GET /getApplicationList.php?sinceTimeStamp=1405523236 HTTP/1.1" 200 31 "-" "python-requests/2.2.1 CPython/2.7.5 Darwin/13.1.0"</P> <P>I'll try the app and see how we go. </P> <P>Thanks.</P> Fri, 25 Jul 2014 22:25:44 GMT https://community.splunk.com/t5/Security/Web-browser-analytics-for-web-site/m-p/157260#M4711 rickwylie 2014-07-25T22:25:44Z https://community.splunk.com/t5/Security/Web-browser-analytics-for-web-site/m-p/157261#M4712 <P>Hi There thanks for the responses. Yes, All my data is coming in from my forwarders and being indexed. (OSX Server running apache2.</P> <P>See sample below.</P> <P>mgovlab.codinet.ae 192.168.59.26 - - [24/Jul/2014:07:23:03 +0400] "GET /getApplicationList.php?sinceTimeStamp=1405523236 HTTP/1.1" 200 31 "-" "python-requests/2.2.1 CPython/2.7.5 Darwin/13.1.0"</P> <P>I'll try the app and see how we go. </P> <P>Thanks.</P> Fri, 25 Jul 2014 22:26:04 GMT https://community.splunk.com/t5/Security/Web-browser-analytics-for-web-site/m-p/157261#M4712 rickwylie 2014-07-25T22:26:04Z