I'm sorting through web traffic and I'm trying to extract what device users are using from the user agent. However, when I have highlighted the device and check the preview, it has highlighted some different devices like Windows, Macintosh, Linux.
But it has also highlighted a lot of random strings of text that definitely aren't devices, and when I've looked through these, I can clearly see the device in that user agent that hasn't been highlighted.
Is there a way to make sure devices are being highlighted to be extracted and not random strings of text, etc.?
Hi @jhilton90,
are you using custom field extractions or the ones from a TA from Splunkbase?
If it is a custom one, I suggest using the one for your technology from Splunkbase.
If instead you're using a TA from Splunkbase, the only way is to check all the regex extractions in the TA one by one, but I cannot help you without an indication of which technology you're using and some samples of your logs.
Ciao.
Giuseppe