2016年6月8日 星期三

利用 Splunk TA-user-agents App 來分析 Apache log

最近有一個新的需求,想透過  Apache log  來分析出使用者是使用什麼裝置/平台進來.

不小心看到一個 Splunk 很好用,叫 TA-user-agents, URL 如下:


 https://splunkbase.splunk.com/app/1843/#/documentation

 TA-user-agents

 Overview

This TA provides and external Python lookup that parses User Agents strings,
such as those found in Web or Proxy logs.

 Installation

 To install:

 Untar the tarball file in your $SPLUNK_HOME/etc/apps directory.
 Restart Splunk.
 Usage

 The lookup expects a field in the events (http_user_agent). Once that field exists (via extractions, alias or rename). Once that field exists, you can use it in a lookup command, as such:

 index=web_proxy | lookup user_agents http_user_agent


 The lookup will output the following fields:

 ua_os_family: The name of the client OS.
 ua_os_major: The major version of the client OS.
 ua_os_minor: The minor version of the client OS.
 ua_os_patch: The patch version of the client OS.
 ua_os_patch_minor: The minor patch version of the client OS.
 ua_family: The name of the UA ("Firefox", "IE")
 ua_major: The major version of the UA.
 ua_minor: The minor version of the UA.
 ua_patch: The patch version of the UA
 ua_device: The type of device used in the event.

 ....




























沒有留言:

張貼留言