SPL
User Agent – Operating System Info for web traffic
Description
The following Splunk Query will return a list of operating systems used within IIS logs traffic. It essentially uses a lookup to check the user agent against a known list.
*NOTE* The app TA-browscap_express – HTTP User Agent lookup with browscap must be installed
0 0
sourcetype=iis |dedup JSESSIONID | eval http_user_agent=urldecode(cs_User_Agent) | lookup browscap_lookup_express http_user_agent OUTPUT ua_platform_description | stats count by ua_platform_description | rename ua_platform_description as "Operating Systems Used" | sort - count
Comments
0 total
Be the first to comment on this SPL.
Leave a comment
You must log in to post a comment.