Last active
June 21, 2018 15:28
Splunk user-agent statistics
```
search *
| lookup user_agents http_user_agent as user_agent
| replace "unknown" with "" in ua_device, ua_os_major, ua_os_minor
| replace "Windows*" with "Windows" in ua_os_family
| eval user_agent=ua_os_family + " - " + ua_family
| regex user_agent!="(unknown|PhantomJS)"
| eventstats dc(address) as total
| stats dc(address) as count by user_agent, total
| eval percentage=(count * 100/total)
| table percentage user_agent
| eval percentage=round(percentage, 2)
| sort -percentage
| streamstats sum(percentage) as cumulative_percentage
```
You'll need this TA: https://splunkbase.splunk.com/app/1843/.