I am trying to do some analytics out of the apache log file for the breakdown on types of browsers accessing the site. I have found the following script and a reference to the "documentation" which says "click here for the latest version" which goes nowhere.
https://github.com/JustinAzoff/splunk-scripts/blob/master/ua2os.py
Anyway I'm using Splunk 6.1.2 and wnat to know :
a. Is this type of script still valid from trying to generate dashboards and information as identified above
b. Is there any documentation that discusses how to do this for Splunk 6.x
or
c. Preferably a step by step guide on how to get such a script working?
Thanks in advance.
Hi There thanks for the responses. Yes, All my data is coming in from my forwarders and being indexed. (OSX Server running apache2.
See sample below.
mgovlab.codinet.ae 192.168.59.26 - - [24/Jul/2014:07:23:03 +0400] "GET /getApplicationList.php?sinceTimeStamp=1405523236 HTTP/1.1" 200 31 "-" "python-requests/2.2.1 CPython/2.7.5 Darwin/13.1.0"
I'll try the app and see how we go.
Thanks.
Here is what you need to do:
Get the apache logs into Splunk. As @strive mentioned, indexing the data is the first step. The apache "combined format" works well with Splunk and should have the sourcetype=access_combined.
Download the free Splunk technology add-in/app TA-uas_parser. This app understands how to parse the user agent string to extract detailed info about the browser that connected.
Forget the script.
Hi There thanks for the responses. Yes, All my data is coming in from my forwarders and being indexed. (OSX Server running apache2.
See sample below.
mgovlab.codinet.ae 192.168.59.26 - - [24/Jul/2014:07:23:03 +0400] "GET /getApplicationList.php?sinceTimeStamp=1405523236 HTTP/1.1" 200 31 "-" "python-requests/2.2.1 CPython/2.7.5 Darwin/13.1.0"
I'll try the app and see how we go.
Thanks.
Have you completed forwarder and indexer configurations and indexed your logs? Can you post some sample log events from your log file.