Hi,
I am trying this app in a Splunk 6.1 version.
The app works fine, but takes much time in the command.lookup (159 seconds for 1449 events)
Is there any way to accelerate de process?
The only way I found how to get fast stats on Browser usage is to study all browser user agent strings and crafting a custom query like this (my user agent field is named ua
- change it accordingly for your case):
sourcetype=...
| fields ua
| eval ua_type =
if (match(ua, "Opera| OPR/"), "Opera",
if (match(ua, "CriOS|Chrome"), "Chrome",
if (match(ua, "Firefox"), "Firefox",
if (match(ua, "\((iPad|iPhone|iPod|Macintosh);"), "Safari",
if (match(ua, "IEMobile"), "IEMobile",
if (match(ua, "MSIE|Trident"), "MSIE",
if (match(ua, "Linux") AND match(ua, "Android"), "Android Browser",
if (match(ua, "CFNetwork") AND match(ua, "Darwin"), "Apple Safari Crawler",
"Other"
))))))))
| where ua_type != "Apple Safari Crawler" AND ua_type != "Other"
| top ua_type limit=0
| rename ua_type as "Browser Type"
| sort - count
This search query will run like 500 faster. If I'll have time - i could include more variables, such as platform and device into it. Browscap gets really huge and using it as a lookup method will slow things more and more with every update.