How can I fetch user_agent info and OS from AWS-WA...

raghu1228 · ‎04-22-2020

I tried many ways to fetch the Web Browser, Version and OS info from the below format, i was unable to could you please help me out from this.

{"name":"Content-Length","value":"0"},{"name":"user-agent","value":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.113 Safari/537.36"},{"name":"accept","value":"image/webp,image/apng,image/,/*;q=0.8"}

index=xxxx | top http_user_agent

gives me the below result

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36 12112   25.350580
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.113 Safari/537.36 8433    17.650383
Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.96 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)  3761    7.871824
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.18362   2263    4.736490
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.122 Safari/537.36 1030    2.155804
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.18363   690 1.444179

But don't want all the info, i tried rex regen but they didn't work.

jaxd4mty · ‎08-26-2021

How did you get this data from the AWS WAF to extract properly to just output User Agent data? I'm stuck on trying to write regex to extract just the user-agent value in a stats count output...

How can I fetch user_agent info and OS from AWS-WAF logs

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!