This Splunk query will reference a lookup table to return user agent (browser information) within IIS logs. Specifically the output will list browser name and version, crawler, and mobile. It will give a count based on visits not hits (hence the dedup). Depending on the length of time this query can take a very long time to run.
*NOTE* The app TA-browscap_express – HTTP User Agent lookup with browscap must be installed
sourcetype=iis |dedup JSESSIONID| eval http_user_agent=urldecode(cs_User_Agent) | lookup browscap_lookup_express http_user_agent OUTPUT ua_parent ua_crawler ua_ismobiledevice| stats count by ua_parent ua_crawler ua_ismobiledevice | rename ua_parent as "Browser Name and Version" ua_crawler as Crawler ua_ismobiledevice as "Mobile Device"