The following Splunk Query will return a list of operating systems used within IIS logs traffic. It essentially uses a lookup to check the user agent against a known list. *NOTE* The app TA-browscap_express – HTTP User Agent lookup with browscap must be installed sourcetype=iis |dedup JSESSIONID | eval http_user_agent=urldecode(cs_User_Agent) | lookup browscap_lookup_express http_user_agent OUTPUT ua_platform_description […]
User Agent – Browser Details & Information for IIS
This Splunk query will reference a lookup table to return user agent (browser information) within IIS logs. Specifically the output will list browser name and version, crawler, and mobile. It will give a count based on visits not hits (hence the dedup). Depending on the length of time this query can take a very long […]