Splunk Search

Useragent regex is not working

puneetkharband1
Path Finder

Hello,
I am trying to create a regex to capture different types of browsers, and I found that I need to have the user agent set up for that, which is another regex. So I tried creating a field extraction, which is not working for me, so I need help figuring out what I need to do.

1) Goal is to display a chart showing that X IPs are hitting IE, Y are hitting Firefox, and so on.
2) What do I need to accomplish this? I have an access log which looks like this:
2XX.1XX.XX.1XX - - [04/Apr/2015:17:14:24 -0400] "POST /ABC_Call/History.do HTTP/1.1" 200 22480 - - - "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)" 1106670 /ABC_Call/History.do
So the above access log shows I am using IE 5.01.

I used \s\"(?P<http_user_agent>[^"]+) but THIS IS not working for me.

I tried this to make it work

index="cc_web" sourcetype=* | rex field=_raw "\s\"(?P<http_user_agent>[^"]+)"
Error: Mismatched ']'

I tried to resolve it but nothing works.

Then I found something like this, which I cannot use because it uses a useragent field:
sourcetype="access_combined" useragent!="-" AND useragent!="Apache" AND useragent!="Load-weight" AND useragent!="Java" AND useragent!="Jakarta Commons-HttpClient" | stats count(eval(match(useragent, "Firefox"))) as "Firefox", count(eval(match(useragent, "Chrome"))) as "Chrome", count(eval(match(useragent, "Safari"))) as "Safari", count(eval(match(useragent, "MSIE"))) as "IE", count(eval(NOT match(useragent, "Chrome|Firefox|Safari|MSIE"))) as "Other"

Please help

0 Karma

woodcock
Esteemed Legend

Try this:

... | rex "\"(?<http_user_agent>[^\"]+)\"[^\"]+$"
0 Karma
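As an added illustration, not part of woodcock's answer or the original thread: the reason the question's search fails is that the rex pattern is an SPL double-quoted string, so a literal `"` inside it (including the one inside `[^"]`) has to be written `\"`; otherwise the string ends early and the character class is left unterminated. The answer's regex escapes both quotes and anchors on "no further quote before end of line", which picks the last quoted field, the user agent. The Python script below applies that same regex to a few constructed access-log lines (the first is the format quoted in the question, with placeholder IPs), applies the question's useragent exclusion list, and then counts browsers two ways: first exactly like the independent count(eval(match(...))) columns in the question, and then with one label per user agent. The first method counts a Chrome user agent in both the Chrome and Safari columns, because Chrome's user-agent string also contains the token "Safari"; the second tests Chrome before Safari so each hit is counted once and reports distinct client IPs per browser, which is what the chart in the question asks for. Python's re module accepts this pattern unchanged; in Splunk the `(?<name>...)` and `(?P<name>...)` group syntaxes are equivalent.

```python
import re
from collections import Counter

# Constructed sample access-log lines. Line 1 follows the format quoted in
# the question; the rest are made up to cover more browsers. IPs are
# documentation-range placeholders (RFC 5737).
SAMPLE_LOG = """\
203.0.113.10 - - [04/Apr/2015:17:14:24 -0400] "POST /ABC_Call/History.do HTTP/1.1" 200 22480 - - - "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)" 1106670 /ABC_Call/History.do
203.0.113.11 - - [04/Apr/2015:17:15:02 -0400] "GET /ABC_Call/Home.do HTTP/1.1" 200 5120 - - - "Mozilla/5.0 (Windows NT 6.1; rv:36.0) Gecko/20100101 Firefox/36.0" 8801 /ABC_Call/Home.do
203.0.113.12 - - [04/Apr/2015:17:15:40 -0400] "GET /ABC_Call/Home.do HTTP/1.1" 200 5120 - - - "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.101 Safari/537.36" 9132 /ABC_Call/Home.do
203.0.113.10 - - [04/Apr/2015:17:16:11 -0400] "GET /ABC_Call/Home.do HTTP/1.1" 200 5120 - - - "-" 410 /ABC_Call/Home.do
"""

# Same pattern as the rex in the answer: a quoted field that is followed by
# no further quote up to end of line, i.e. the last quoted field (the UA).
UA_RE = re.compile(r'"(?P<http_user_agent>[^"]+)"[^"]+$')
# The client IP is the first whitespace-delimited token of the line.
IP_RE = re.compile(r'^(?P<clientip>\S+)')

# Values the question's search filters out with useragent!="..." (exact match).
EXCLUDED_UA = {"-", "Apache", "Load-weight", "Java", "Jakarta Commons-HttpClient"}

# (substring to look for, column label), in the question's order.
BROWSER_TOKENS = (("Firefox", "Firefox"), ("Chrome", "Chrome"),
                  ("Safari", "Safari"), ("MSIE", "IE"))


def extract(line):
    """Return (clientip, user_agent) or None if the line has no quoted UA."""
    ip = IP_RE.match(line)
    ua = UA_RE.search(line)
    if not ip or not ua:
        return None
    return ip.group("clientip"), ua.group("http_user_agent")


def _usable(lines):
    """Yield (ip, ua) for lines whose UA is not in the exclusion list."""
    for line in lines:
        hit = extract(line)
        if hit is not None and hit[1] not in EXCLUDED_UA:
            yield hit


def count_like_stats(lines):
    """Replicate the independent count(eval(match(...))) columns from the
    question: a UA is counted in every column whose token it contains, so a
    Chrome UA (which also carries 'Safari') increments both columns."""
    counts = Counter({"Firefox": 0, "Chrome": 0, "Safari": 0, "IE": 0, "Other": 0})
    for _ip, ua in _usable(lines):
        matched = False
        for token, label in BROWSER_TOKENS:
            if token in ua:          # equivalent to match(useragent, "<token>") here
                counts[label] += 1
                matched = True
        if not matched:
            counts["Other"] += 1
    return dict(counts)


def distinct_ips_by_browser(lines):
    """Distinct client IPs per browser family, one label per UA.
    Chrome is tested before Safari so a Chrome UA is not double counted."""
    ips = {}
    for ip, ua in _usable(lines):
        for token, label in BROWSER_TOKENS:
            if token in ua:
                break
        else:
            label = "Other"
        ips.setdefault(label, set()).add(ip)
    return {label: len(addrs) for label, addrs in ips.items()}


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for line in lines:
        print(extract(line))
    print("independent columns:", count_like_stats(lines))
    print("distinct IPs per browser:", distinct_ips_by_browser(lines))
```

Run as-is, the script prints the extracted (IP, user agent) pairs, then the two tallies: the question-style columns report Chrome 1 and Safari 1 from a single Chrome line, while the one-label version reports one distinct IP each for IE, Firefox and Chrome. The "-" line is dropped by the exclusion list, as it is in the question's search.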

puneetkharband1
Path Finder

index="cc_web" sourcetype=* | rex field=_raw "\s\"(?P<http_user_agent>[^"]+)"

Mismatched ']'.

0 Karma