Hello,

I would like to extract the browser type string to some fields from Netscaler VPX syslog. Splunk doesn´t extract this user_agent field automatically. I have tried some reg expressions but no luck. Splunk receives this data events:

Vserver 172.128.4.4:443 - Browser_type "Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36" - SSLVPN_client_type Clientless

Vserver 172.128.4.4:443 - Browser_type "Mozilla/5.0 (Linux; U; Android 2.3.5; es-es; GT-I9100 Build/GINGERBREAD) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobi" - SSLVPN_client_type Clientless

How can I extract this client information to these fields:

 - os_company: The OS vendor
 - os_family: The OS family
 - os_name: The name of the OS
 - ua_build_version: The build version of the browser
 - ua_company: The user-agent vendor
 - ua_family: The user-agent family (Firefox, Safari, IE, etc.)
 - ua_major_version: Major version of the user agent
 - ua_minor_version: Minor version of the user agent
 - ua_name: Full name of the user agent