Security

How to find out user device details?

jaibalaraman
Path Finder

Excuse my knowledge of Splunk. How do I track user device details?

Mobile (device model, OS version)

Browser (browser details, version)

0 Karma

jaibalaraman
Path Finder

Hi Richard 

Thank you so much for the detailed explanation. However, it's a bit confusing.

Could you please help me on this?

0 Karma

Richfez
SplunkTrust

It depends and there are a LOT of options here, partly depending on what you want to do with it, mostly depending on where the "original" source of data is, if anywhere.

If there is no original source of data, I'd probably recommend using a CSV file (you can build one in Excel or Google Sheets). If you save it as a lookup you can use that to enrich other data. That should be outlined fairly well in the following docs (and places those docs lead - keep reading and following links!), but if you get 80% of the way through and can't figure out the rest, you'll probably want to create a new question specifically about the problem you are running into.

https://docs.splunk.com/Documentation/Splunk/8.0.6/Knowledge/Aboutlookupsandfieldactions

Likewise, if there is a spreadsheet of it already, maybe just save that as a CSV file (the right tab of it, of course) and use that as above. Someone will need to update that every now and then.

If this data is already somewhere in a DB or app, you might be able to pull it into Splunk directly. If a DB, you may be able to use DB Connect. If some other app, hunt around in Splunkbase to see if you can find an app that pulls the data in. This has the benefit (probably) of being able to be updated regularly without needing someone to export data.

You may be asking an *entirely* different question, though! If you are instead asking "How do I make a pretty chart or graph of who has which device, if I have Apache web logs?" (substitute whatever log source you have!), then the answer gets even more complex, but also maybe easier. Different anyway. 🙂

There, I'd suggest doing the following -

1) Take the Free Splunk Training course "Fundamentals 1". It's self-paced and takes, oh, maybe half a day to a day (going from what others tell me, your time may differ).

https://www.splunk.com/en_us/training/free-courses/splunk-fundamentals-1.html

2) Then find and download the Splunk Tutorial data and follow it.

https://docs.splunk.com/Documentation/Splunk/8.0.6/SearchTutorial/WelcometotheSearchTutorial

Happy Splunking!

-Rich
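
For the Apache web log case raised in the answer above, here is an added example (not part of the original thread and not Splunk's own code) of how device, OS and browser details can be pulled from the User-Agent field of combined-format log lines. The log lines, user names and regex heuristics are constructed assumptions; the User-Agent header is supplied by the client, so treat the result as unverified.

```python
import re
from collections import Counter

# Constructed sample events in Apache "combined" format (not real traffic).
SAMPLE_LOG = '''\
203.0.113.7 - alice [12/Oct/2020:10:01:22 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Linux; Android 10; SM-G973F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.75 Mobile Safari/537.36"
203.0.113.9 - bob [12/Oct/2020:10:02:10 +0000] "GET /app HTTP/1.1" 200 734 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 14_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0 Mobile/15E148 Safari/604.1"
198.51.100.4 - carol [12/Oct/2020:10:03:45 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0"
198.51.100.5 - - [12/Oct/2020:10:04:00 +0000] "GET / HTTP/1.1" 200 512 "-" "-"
'''

# The user is the third field; the User-Agent is the last quoted field.
LINE_RE = re.compile(r'^\S+ \S+ (?P<user>\S+) \[[^\]]+\] "[^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$')

def parse_user_agent(ua):
    """Best-effort split of a User-Agent into device, OS and browser fields."""
    info = {"device": "unknown", "os": "unknown", "browser": "unknown"}
    if m := re.search(r"Android ([\d.]+); ([^;)]+)", ua):
        info["os"], info["device"] = "Android " + m.group(1), m.group(2).strip()
    elif m := re.search(r"\((iPhone|iPad);.*? OS ([\d_]+)", ua):
        info["device"], info["os"] = m.group(1), "iOS " + m.group(2).replace("_", ".")
    elif m := re.search(r"Windows NT ([\d.]+)", ua):
        info["device"], info["os"] = "desktop", "Windows NT " + m.group(1)
    # Chrome UAs also end in "Safari/...", so Chrome is checked first and
    # Safari additionally requires the "Version/" token.
    for name, pattern in (("Firefox", r"Firefox/([\d.]+)"),
                          ("Chrome", r"Chrome/([\d.]+)"),
                          ("Safari", r"Version/([\d.]+).*Safari/")):
        if m := re.search(pattern, ua):
            info["browser"] = f"{name} {m.group(1)}"
            break
    return info

def devices_by_user(log_text):
    """Return {user: parsed fields}; a later line for the same user wins."""
    result = {}
    for line in log_text.splitlines():
        if m := LINE_RE.match(line):
            result[m.group("user")] = parse_user_agent(m.group("ua"))
    return result

def browser_counts(log_text):
    """Count users per browser, the data behind a 'who has what' chart."""
    return Counter(d["browser"] for d in devices_by_user(log_text).values())
```

Requests with an empty or missing User-Agent come back as "unknown" rather than being dropped, so gaps in coverage stay visible in the counts.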
