Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Finding difficulty in extracting count of browser type from user agent

jaibalaraman
Path Finder
‎01-27-2021 06:52 PM

Hi 

I need help in determining the browser that appear in our logs. I believe the simple way to use the app TA - UA parser or an external script but unfortunately i do not have enough access rights to use the tools. 

SPL command - 

index=aws sourcetype = * Website="*" | stats count(eval(match(User_Agent, "Firefox"))) as "Firefox", count(eval(match(User_Agent, "Chrome"))) as "Chrome", count(eval(match(User_Agent, "Safari"))) as "Safari", count(eval(match(User_Agent, "MSIE"))) as "IE", count(eval(match(User_Agent, "Trident"))) as "Trident", count(eval(NOT match(User_Agent, "Chrome|Firefox|Safari|MSIE|Trident"))) as "Other" | transpose | sort by User_Agent

 
 
 

I tried the above command, it gives all data to "Other". Firefox=0, Chrome=0 IE=0

Labels (1)
Labels
Tags (1)
0 Karma
Reply

scelikok
SplunkTrust
SplunkTrust
‎02-08-2021 08:11 PM

Hi @jaibalaraman,

Your problem seems that User_Agent field is not exist as it is or there is no event returns from search before stats command.  

1. Run below search to see any results?

index=aws sourcetype = * Website="*"

If there is no results, please check if Website and User_Agent fields are correct in Interesting Fields section. You can try again using correct field names. Please keep in mind that the field names are case sensitive.

2. If above returns results, try below;

index=aws sourcetype = * Website="*" User_Agent=*

 I think there will be no results, please check if  User_Agent field is correct in Interesting Fields section. You can try again using correct field name. Please keep in mind that the field names are case sensitive.

If this reply helps you an upvote and "Accept as Solution" is appreciated.
0 Karma
Reply

jaibalaraman
Path Finder
‎02-01-2021 03:19 PM

Hi Splunk team 

Please find below image for sample log file 

jaibalaraman_0-1612221570204.png

 

0 Karma
Reply

manjunathmeti
Champion
‎01-27-2021 07:50 PM

hi, @jaibalaraman,
Regex applied in the match function is case sensitive, try this,

index=aws sourcetype = * Website="*" 
| stats count(eval(match(User_Agent, "(?i)Firefox"))) as "Firefox", count(eval(match(User_Agent, "(?i)Chrome"))) as "Chrome", count(eval(match(User_Agent, "(?i)Safari"))) as "Safari", count(eval(match(User_Agent, "(?i)MSIE"))) as "IE", count(eval(match(User_Agent, "(?i)Trident"))) as "Trident", count(eval(NOT match(User_Agent, "(?i)Chrome|Firefox|Safari|MSIE|Trident"))) as "Other" 
| transpose

 

If this reply helps you, an upvote/like would be appreciated.

0 Karma
Reply

jaibalaraman
Path Finder
‎01-27-2021 07:53 PM

Hi 

Yes, i tried the  SPL command and still same issue 

jaibalaraman_0-1611806002584.png

 

0 Karma
Reply

manjunathmeti
Champion
‎01-27-2021 07:54 PM

Can you post some sample data?

0 Karma
Reply

jaibalaraman
Path Finder
‎01-28-2021 12:38 PM

Hi, 

Sure 

jaibalaraman_0-1611866300077.png

 

0 Karma
Reply

manjunathmeti
Champion
‎01-28-2021 08:02 PM

I mean sample raw data.

0 Karma
Reply

jaibalaraman
Path Finder
‎02-01-2021 02:00 PM

Hi 

I am happy to share but unfortunately i don't have access to the log file.

Sorry 

Thanks 

0 Karma
Reply

jaibalaraman
Path Finder
‎02-08-2021 07:30 PM

Hi Team 

Can any one help me on this please ??

0 Karma
Reply

jaibalaraman
Path Finder
‎01-27-2021 06:53 PM

Please find below image 

jaibalaraman_1-1611802401173.png

 

 

 

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Get the T-shirt to Prove You Survived Splunk University Bootcamp

As if Splunk University, in Las Vegas, in-person, with three days of bootcamps and labs weren’t enough, now ...

Wondering How to Build Resiliency in the Cloud?

IT leaders are choosing Splunk Cloud as an ideal cloud transformation platform to drive business resilience,  ...