Start with this base search
index="sample_index" sourcetype="log_alias" operation="log-in" AND userAgent!="-" AND userAgent!="Apache" AND userAgent!="Load-weight" AND userAgent!="Java" AND userAgent!="Jakarta Commons-HttpClient"
Attached to the above search, run each of the following and look at the interesting fields to identify and locate the name of the field that contains the version number. If it is the same for all of the below, then use that. If it is different, or if no field has the information, then you will have to build a composite field, perhaps using coalesce() or case()
| search match(userAgent, "Firefox") | head 5
| search match(userAgent, "Chrome") | head 5
| search match(userAgent, "Safari") | head 5
| search match(userAgent, "MSIE|Trident") | head 5
... View more