Security
Highlighted

Browser Usage Statistics

Engager

Hello Splunkers,

I am new to Splunk and I'm having a hard time generating what should be a simple report. I'd like to produce a pie chart that shows browser usage by major browser (IE, Firefox, Chrome, Safari, etc.).

I started with the following mess of a query, but it doesn't give me "chartable" results:

sourcetype="access" useragent!="-"
AND useragent!="Apache"
AND useragent!="Load-weight
"
AND useragent!="Java"
AND useragent!="Jakarta Commons-HttpClient
"
AND useragent!="Mozilla/4.0 en"
| table SessionCookie, useragent
| dedup SessionCookie
| stats
count(eval(match(useragent, "Firefox"))) as "Firefox",
count(eval(match(useragent, "Chrome"))) as "Chrome",
count(eval(match(useragent, "Safari"))) as "Safari",
count(eval(match(useragent, "MSIE"))) as "IE",
count(eval(NOT match(useragent, "Chrome|Firefox|Safari|MSIE"))) as "Other"

Does anyone have an example query that could get me to my pie chart?

Thanks,
Mark

Tags (2)
0 Karma
Highlighted

Re: Browser Usage Statistics

Legend

Could you provide more details on what the current result is and how it differs from the desired result?

0 Karma
Highlighted

Re: Browser Usage Statistics

Splunk Employee
Splunk Employee

since the useragent is being extracted already, you should be able to do a

sourcetype="access" useragent!="-" 
  AND useragent!="Apache" 
  AND useragent!="Load-weight" 
  AND useragent!="Java" 
  AND useragent!="Jakarta Commons-HttpClient" 
  AND useragent!="Mozilla/4.0 [en] (WinNT; I)"
| table SessionCookie, useragent 
| dedup SessionCookie 
| stats count by useragent

You also might want to add a case that if useragent does not match Chrome, Firefox, Safari, or MSIE, to call useragent as "Other"

0 Karma
Highlighted

Re: Browser Usage Statistics

SplunkTrust
SplunkTrust

I use a search like this to return the top 50 browsers:

index=access_logs
| fields + user_agent
| rex field=user_agent "((?<browser_ff>Firefox\S+)|(?<browser_ie>MSIE [\d\.]+)|(?<browser_opera>Opera)|(?<browser_chrome>Chrome)|(?<browser_safari>Safari)|(?<browser_java>Java\S+)|(?<browser_nagios>nagios\S+)|(?<browser_nessus>[Nn][Ee][Ss][Ss][Uu][Ss])|(?<browser_apache>Apache\S+))"
| eval browser_none=if(user_agent=="-","None","")
| fillnull value="" browser_ff browser_ie browser_chrome browser_safari browser_opera browser_java browser_nagios browser_nessus broswer_none browser_apache
| eval browser = browser_ff.browser_ie.browser_chrome.browser_safari.browser_opera.browser_java.browser_nagios.browser_nessus.browser_none.browser_apache
| top 50 browser
0 Karma
Highlighted

Re: Browser Usage Statistics

Builder

This query is erroring out currently.

0 Karma
Highlighted

Re: Browser Usage Statistics

Builder

Justin Azoff has posted a very useful user agent translator script/custom splunk command here:

https://github.com/JustinAzoff/splunk-scripts/blob/master/ua2os.py

Translates the horrible useragent string into browser, os type and architecture. It works very well.

Highlighted

Re: Browser Usage Statistics

Explorer

I certainly like the looks of the script, I just have no idea what to do with it. Will you please assist?

0 Karma
Highlighted

Re: Browser Usage Statistics

Builder

Hi. Did you ever get around to getting Splunk to run this python script ?

0 Karma
Highlighted

Re: Browser Usage Statistics

New Member

,did anyone get this to work?
Regex: syntax error in subpattern name (missing terminator)

0 Karma
Highlighted

Re: Browser Usage Statistics

SplunkTrust
SplunkTrust

This question is more than five years old. Please post a new question.

---
If this reply helps you, an upvote would be appreciated.
0 Karma