Link Search Menu Expand Document Documentation Menu
Documentation

Documentation

This version of the OpenSearch documentation is no longer maintained. For the latest version, see the current documentation. For information about OpenSearch version maintenance, see Release Schedule and Maintenance Policy.

user_agent

The user_agent processor parses any user agent (UA) string in an event and then adds the parsing results to the event’s write data.

Usage

In this example, the user_agent processor calls the source that contains the UA string, the ua field, and indicates the key to which the parsed string will write, user_agent, as shown in the following example:

  processor:
    - user_agent:
        source: "ua"
        target: "user_agent"

The following example event contains the ua field with a string that provides information about a user:

{
  "ua":  "Mozilla/5.0 (iPhone; CPU iPhone OS 13_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1.1 Mobile/15E148 Safari/604.1"
}

The user_agent processor parses the string into a format compatible with Elastic Common Schema (ECS) and then adds the result to the specified target, as shown in the following example:

{
  "user_agent": {
    "original": "Mozilla/5.0 (iPhone; CPU iPhone OS 13_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1.1 Mobile/15E148 Safari/604.1",
    "os": {
        "version": "13.5.1",
        "full": "iOS 13.5.1",
        "name": "iOS"
    },
    "name": "Mobile Safari",
    "version": "13.1.1",
    "device": {
        "name": "iPhone"
    }
  },
  "ua":  "Mozilla/5.0 (iPhone; CPU iPhone OS 13_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1.1 Mobile/15E148 Safari/604.1"
}

Configuration options

You can use the following configuration options with the user_agent processor.

Option Required Description
source Yes The field in the event that will be parsed.
target No The field to which the parsed event will write. Default is user_agent.
exclude_original No Determines whether to exclude the original UA string from the parsing result. Defaults to false.
cache_size No The cache size of the parser in megabytes. Defaults to 1000.
tags_on_parse_failure No The tag to add to an event if the user_agent processor fails to parse the UA string.
350 characters left

Have a question? .

Want to contribute? or .

OpenSearch Links

Get Involved

Resources

Connect

© 2023 OpenSearch contributors. OpenSearch is a registered trademark of Amazon Web Services.

© 2005-2021 Django Software Foundation and individual contributors. Django is a registered trademark of the Django Software Foundation.
This website was forked from the BSD-licensed djangoproject.com originally designed by Threespot & andrevv.
We ♡ Django and the Django community. If you need a high-level Python framework, check it out.