我的书签
添加书签
移除书签user_agent
The user_agent processor parses any user agent (UA) string in an event and then adds the parsing results to the event’s write data.
Usage
In this example, the user_agent processor calls the source that contains the UA string, the ua field, and indicates the key to which the parsed string will write, user_agent, as shown in the following example:
processor:- user_agent:source: "ua"target: "user_agent"
The following example event contains the ua field with a string that provides information about a user:
{"ua": "Mozilla/5.0 (iPhone; CPU iPhone OS 13_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1.1 Mobile/15E148 Safari/604.1"}
The user_agent processor parses the string into a format compatible with Elastic Common Schema (ECS) and then adds the result to the specified target, as shown in the following example:
{"user_agent": {"original": "Mozilla/5.0 (iPhone; CPU iPhone OS 13_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1.1 Mobile/15E148 Safari/604.1","os": {"version": "13.5.1","full": "iOS 13.5.1","name": "iOS"},"name": "Mobile Safari","version": "13.1.1","device": {"name": "iPhone"}},"ua": "Mozilla/5.0 (iPhone; CPU iPhone OS 13_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1.1 Mobile/15E148 Safari/604.1"}
Configuration options
You can use the following configuration options with the user_agent processor.
| Option | Required | Description |
|---|---|---|
source | Yes | The field in the event that will be parsed. |
target | No | The field to which the parsed event will write. Default is user_agent. |
exclude_original | No | Determines whether to exclude the original UA string from the parsing result. Defaults to false. |
cache_size | No | The cache size of the parser in megabytes. Defaults to 1000. |
tags_on_parse_failure | No | The tag to add to an event if the user_agent processor fails to parse the UA string. |
当前内容版权归 OpenSearch 或其关联方所有,如需对内容或内容相关联开源项目进行关注与资助,请访问 OpenSearch .
