Wednesday, June 8, 2016

Using the Splunk TA-user-agents App to Analyze Apache Logs

I recently had a new requirement: to work out from the Apache log which device/platform users are coming in with.

I happened to come across a very handy Splunk app called TA-user-agents; the URL is:


 https://splunkbase.splunk.com/app/1843/#/documentation

 TA-user-agents

 Overview

This TA provides an external Python lookup that parses User-Agent strings,
such as those found in Web or Proxy logs.

 Installation

 To install:

 Untar the tarball file in your $SPLUNK_HOME/etc/apps directory.
 Restart Splunk.
 Usage

 The lookup expects a field in the events named http_user_agent. Once that field exists (via an extraction, alias or rename), you can use it in a lookup command, as such:

 index=web_proxy | lookup user_agents http_user_agent


 The lookup will output the following fields:

 ua_os_family: The name of the client OS.
 ua_os_major: The major version of the client OS.
 ua_os_minor: The minor version of the client OS.
 ua_os_patch: The patch version of the client OS.
 ua_os_patch_minor: The minor patch version of the client OS.
 ua_family: The name of the UA ("Firefox", "IE")
 ua_major: The major version of the UA.
 ua_minor: The minor version of the UA.
 ua_patch: The patch version of the UA.
 ua_device: The type of device used in the event.

 ....
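To see what the lookup actually does with an Apache log, here is an added, stand-alone Python example (not code from the original post or from the TA itself). It parses Apache "combined" format lines, exposes the User-Agent header under the field name http_user_agent that the lookup expects, and then maps each string onto the same ua_* field names the TA outputs. The rule tables UA_RULES and OS_RULES are a deliberately simplified, hypothetical stand-in for the TA's real parser, and the log lines are constructed samples; enrich() plays the role of `| lookup user_agents http_user_agent` and count_by() the role of `| stats count by ...`. In Splunk itself the extraction step is an EXTRACT in props.conf, or simply `| rename useragent AS http_user_agent` if you index with the built-in access_combined sourcetype.

```python
import re
from collections import Counter

# Apache "combined" log format. The final quoted field is the User-Agent header,
# captured as http_user_agent (the field name the TA-user-agents lookup expects).
# Caveat: Apache writes embedded quotes as \" and this pattern does not unescape them.
APACHE_COMBINED = re.compile(
    r'^(?P<clientip>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<req_time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) (?P<version>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<http_user_agent>[^"]*)"$'
)

def parse_apache_line(line):
    """Return the extracted fields for one combined-format line, or None if it does not match."""
    m = APACHE_COMBINED.match(line.rstrip("\n"))
    return m.groupdict() if m else None

# Hypothetical, simplified stand-in for the TA's User-Agent parser: an ordered rule
# table. Order matters because UA strings overlap: a Chrome UA also contains "Safari",
# a Chromium Edge UA contains both "Chrome" and "Safari", so the most specific token wins.
UA_RULES = [
    ("Edge",    re.compile(r"\bEdge?/(\d+)(?:\.(\d+))?")),
    ("Chrome",  re.compile(r"\bChrome/(\d+)(?:\.(\d+))?")),
    ("Firefox", re.compile(r"\bFirefox/(\d+)(?:\.(\d+))?")),
    ("Safari",  re.compile(r"\bVersion/(\d+)(?:\.(\d+))?.*\bSafari/")),
    ("IE",      re.compile(r"\bMSIE (\d+)(?:\.(\d+))?|\bTrident/.*\brv:(\d+)(?:\.(\d+))?")),
]
OS_RULES = [
    ("iOS",      re.compile(r"(?:iPhone|iPad).*\bOS (\d+)_(\d+)")),
    ("Android",  re.compile(r"\bAndroid (\d+)(?:\.(\d+))?")),
    ("Windows",  re.compile(r"\bWindows NT (\d+)\.(\d+)")),
    ("Mac OS X", re.compile(r"\bMac OS X (\d+)[._](\d+)")),
    ("Linux",    re.compile(r"\bLinux\b")),
]

def _first_match(rules, ua):
    """Return (family, [version parts]) for the first rule that matches, else ("Other", [])."""
    for family, rx in rules:
        m = rx.search(ua)
        if m:
            return family, [g for g in m.groups() if g is not None]
    return "Other", []

def parse_user_agent(ua):
    """Map a raw User-Agent string onto the ua_* field names the TA lookup outputs."""
    family, ver = _first_match(UA_RULES, ua)
    os_family, os_ver = _first_match(OS_RULES, ua)
    if "iPhone" in ua:
        device = "iPhone"
    elif "iPad" in ua:
        device = "iPad"
    elif "Android" in ua:
        device = "Android"
    else:
        device = "Other"  # desktop or unknown
    return {
        "ua_family": family,
        "ua_major": ver[0] if len(ver) > 0 else None,
        "ua_minor": ver[1] if len(ver) > 1 else None,
        "ua_os_family": os_family,
        "ua_os_major": os_ver[0] if len(os_ver) > 0 else None,
        "ua_os_minor": os_ver[1] if len(os_ver) > 1 else None,
        "ua_device": device,
    }

def enrich(lines):
    """Equivalent of `... | lookup user_agents http_user_agent`: merge the ua_* fields
    into each parsed event. Lines that are not combined-format are skipped."""
    events = []
    for line in lines:
        ev = parse_apache_line(line)
        if ev is None:
            continue
        ev.update(parse_user_agent(ev["http_user_agent"]))
        events.append(ev)
    return events

def count_by(events, *fields):
    """Equivalent of `| stats count by <fields>`; keys are tuples of the field values."""
    return Counter(tuple(ev[f] for f in fields) for ev in events)

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.10 - - [08/Jun/2016:10:15:32 +0800] "GET /index.html HTTP/1.1" 200 5120 '
    '"-" "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko"',
    '198.51.100.7 - - [08/Jun/2016:10:16:01 +0800] "GET /login HTTP/1.1" 302 0 '
    '"https://example.com/" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3 like Mac OS X) '
    'AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13E238 Safari/601.1"',
    '192.0.2.44 - - [08/Jun/2016:10:17:45 +0800] "POST /api/v1/report HTTP/1.1" 200 88 '
    '"-" "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MTC19T) AppleWebKit/537.36 '
    '(KHTML, like Gecko) Chrome/51.0.2704.81 Mobile Safari/537.36"',
    # "common" format line without referer/UA: no http_user_agent, so it is skipped
    '192.0.2.44 - - [08/Jun/2016:10:18:02 +0800] "GET /favicon.ico HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    events = enrich(SAMPLE_LOG)
    for ev in events:
        print(ev["clientip"], ev["ua_family"], ev["ua_major"], ev["ua_os_family"],
              ev["ua_os_major"], ev["ua_device"])
    for key, n in count_by(events, "ua_os_family", "ua_device").items():
        print(key, n)
```

The point of the ordered rule table is the check a practitioner should make before trusting any UA breakdown: browsers deliberately impersonate each other in the User-Agent string, so a naive "contains Safari" count will over-report Safari and under-report Chrome. The real TA carries a far larger rule set than this; the field names and the pipeline shape (extract the header, enrich, then stats by ua_os_family/ua_device) are what carry over to Splunk.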