User Agent – Operating System Info for web traffic

The following Splunk Query will return a list of operating systems used within IIS logs traffic. It essentially uses a lookup to check the user agent against a known list.

*NOTE* The app TA-browscap_express – HTTP User Agent lookup with browscap must be installed

sourcetype=iis |dedup JSESSIONID | eval http_user_agent=urldecode(cs_User_Agent) | lookup browscap_lookup_express http_user_agent OUTPUT ua_platform_description | stats count by ua_platform_description | rename ua_platform_description as "Operating Systems Used" | sort - count
Share This:

Leave A Comment?