Combine IIS userAgent values

hburnswell · September 5, 2017, 9:44pm

Hi,

I am trying to create a simple pie chart of IIS userAgent data in Kibana and I'm curious if there is a way to combine 'like' values. For example, I receive:

Microsoft+Office/14.0
Microsoft+Office/16.0

Apple-Iphone8C1
Apple-Iphone7C2
Apple-Iphone9C1
Apple-Iphone9C3

These are all listed as separate counts. Can I combine these into less specific counts as:

Microsoft+Office*
Apple-Iphone*

Would this be done by creating a custom field on the Logstash side?

Any guidance is appreciated.

Thanks,

HB

hburnswell · September 5, 2017, 9:46pm

Sorry, I should have added that I am using Metricbeat, Logstash, and Kibana versions 5.5.2.

Thanks,

HB

kmsasidhar · September 6, 2017, 12:38am

I am assuming you are able to parse and store user_agent in Elasticsearch.
You can use filters in Kibana.

Visualize -> Add New -> Pie
Split Slices -> Filters (aggregation) -> Filter 1 -> user_agent:Microsoft*
Add Filter -> Filter 2 -> user_agent:Apple*

(assuming your field name is user_agent)

hburnswell · September 7, 2017, 1:09pm

Thank you @kmsasidhar. That is exactly what I needed, I appreciate the help..

HB

kmsasidhar · September 7, 2017, 5:24pm

Welcome. I got help from this forum many times!

system · October 5, 2017, 5:24pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.