Security
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How to find out user device details ?

jaibalaraman
Path Finder
‎10-05-2020 05:40 PM

Excuse my knowledge with Splunk how do track user device details 

Mobile ( Device model , OS version )

Browser ( Browser details  , version ) 

0 Karma
Reply

jaibalaraman
Path Finder
‎10-13-2020 08:16 PM

Hi Richard 

Thank you so much for the detailed explanation. However its bit confusing. 

Could you please help me on this

0 Karma
Reply

Richfez
SplunkTrust
SplunkTrust
‎10-06-2020 07:15 AM

It depends and there are a LOT of options here, partly depending on what you want to do with it, mostly depending on where the "original" source of data is, if anywhere.

If there is no original source of data, I'd probably recommend using a CSV file (you can build one in Excel or Google Sheets).  If you save it as a lookup you can use that to enrich other data.  That should be outlined fairly well in the following docs (and places those docs lead - keep reading and following links!), but if you get 80% of the way through and can't figure out the rest, you'll probably want to create a new question specifically about the problem you are running into.)

https://docs.splunk.com/Documentation/Splunk/8.0.6/Knowledge/Aboutlookupsandfieldactions

Likewise, if there is a spreadsheet of it already, maybe just save that as a csv file (the right tab of it, of course) and use that as above.  Someone will need to update that every now and then.

If this data is already somewhere in a DB or app,  you might be able to pull it into Splunk directly.  If a DB, you may be able to use DB Connect.  If some other app, hunt around in Splunkbase to see if you can find an app that pulls the data in.  This has the benefit (probably) of being able to be updated regularly without needing someone to export data.

You may  be asking an *entirely* different question, though!  If you are instead asking "How do I make a pretty chart or graph of who has which device, if I have apache web logs?" (Substitute whatever log source you have!).  Then the answer gets even more complex, but also maybe easier.  Different anyway.  🙂

There, I'd suggest doing the following -

1) Take the Free Splunk Training course "Fundamentals 1".  It's self paced and takes, oh, maybe half a day to a day (going from what others tell me, your time may differ).

https://www.splunk.com/en_us/training/free-courses/splunk-fundamentals-1.html

2) Then find and download the Splunk Tutorial data and follow it.

https://docs.splunk.com/Documentation/Splunk/8.0.6/SearchTutorial/WelcometotheSearchTutorial

Happy Splunking!

-Rich

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Index This | What travels the world but is also stuck in place?

April 2026 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Realizing the full potential of your Splunk investment requires more than just understanding current usage; it ...

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

As data volumes continue to grow and environments become more distributed, managing and optimizing data ...