Security

Browser type Display issues with Useragent

puneetkharband1
Path Finder

I have a query which is giving me different types of browser stats but when I try to display that in a pie chart it shows only one of those browsers as overall

index = "cc_web" sourcetype = * | stats count(eval(match(User_Agent, "Firefox"))) as "Firefox", count(eval(match(User_Agent, "Chrome"))) as "Chrome", count(eval(match(User_Agent, "Safari"))) as "Safari", count(eval(match(User_Agent, "MSIE"))) as "IE", count(eval(match(User_Agent, "Trident"))) as "Trident", count(eval(NOT match(User_Agent, "Chrome|Firefox|Safari|MSIE|Trident"))) as "Other" | sort by User_Agent

If I display using Bar chart it shows firefox/firefox firefox chrome, firefox IE so on
if I display using Pie chart it shows only first of the browser matched

Please let me knw what is the best possible way to display the browsers.

1 Solution

ramdaspr
Contributor

When you invoke multiple count commands you are creating multiple columns in the output table i.e. multiple data series and a pie chart can use only a single data series which is why only the first browser is showing up in the chart.

You need to add a transpose the command before sorting for it to become a single data series which can be used for graphing.

index = "cc_web" sourcetype = * | stats count(eval(match(User_Agent, "Firefox"))) as "Firefox", count(eval(match(User_Agent, "Chrome"))) as "Chrome", count(eval(match(User_Agent, "Safari"))) as "Safari", count(eval(match(User_Agent, "MSIE"))) as "IE", count(eval(match(User_Agent, "Trident"))) as "Trident", count(eval(NOT match(User_Agent, "Chrome|Firefox|Safari|MSIE|Trident"))) as "Other" | transpose | sort by User_Agent

View solution in original post

ramdaspr
Contributor

When you invoke multiple count commands you are creating multiple columns in the output table i.e. multiple data series and a pie chart can use only a single data series which is why only the first browser is showing up in the chart.

You need to add a transpose the command before sorting for it to become a single data series which can be used for graphing.

index = "cc_web" sourcetype = * | stats count(eval(match(User_Agent, "Firefox"))) as "Firefox", count(eval(match(User_Agent, "Chrome"))) as "Chrome", count(eval(match(User_Agent, "Safari"))) as "Safari", count(eval(match(User_Agent, "MSIE"))) as "IE", count(eval(match(User_Agent, "Trident"))) as "Trident", count(eval(NOT match(User_Agent, "Chrome|Firefox|Safari|MSIE|Trident"))) as "Other" | transpose | sort by User_Agent

cangur
New Member

When i use this to my splunk script, it gives all data to "Other". Firefox=0, Chrome=0 IE=0

Why is that? please guide me thanks 

 

index=apache hostdomain=sube.garantibbva.com.tr (uri="/isube/login/pinverify*" OR uri="/isube/login/login/smspinverify*" OR uri="/isube/login/mobiletokenverify*") | stats count(eval(match(User_Agent, "Firefox"))) as "Firefox", count(eval(match(User_Agent, "Chrome"))) as "Chrome", count(eval(match(User_Agent, "Safari"))) as "Safari", count(eval(match(User_Agent, "MSIE"))) as "IE", count(eval(match(User_Agent, "Trident"))) as "Trident", count(eval(NOT match(User_Agent, "Chrome|Firefox|Safari|MSIE|Trident"))) as "Other" | transpose | sort by User_Agent

 

Tags (1)
0 Karma

justdan23
Path Finder

I like this as a simple, basic check to identify the Browser Type without too much complexity.

Ideally, it would be nice to parse out specifics, but starting with something basic does answer the mail on this question.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...