How bring the browser information using logstash

Ganesh2303 · September 19, 2018, 11:11am

HI Team,
I have browser information in one field and how could i fetch browser version and name everything using logstash,

userAgent = Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.81 Safari/537.36

sm00thindian · September 19, 2018, 1:44pm

https://www.elastic.co/guide/en/elasticsearch/plugins/6.4/ingest-user-agent.html

Ganesh2303 · September 19, 2018, 1:57pm

without install this plugin i cannot perform the above action am i right

sm00thindian · September 19, 2018, 2:10pm

Parse it yourself with dissect
https://www.elastic.co/guide/en/logstash/6.4/field-extraction.html

Ganesh2303 · September 19, 2018, 2:30pm

while im trying to install ingest plugin in offline im getting below error,

./bin/elasticsearch-plugin install file:///usr/share/elasticsearch/ingest-user-agent-6.4.0.zip
-> Downloading file:///usr/share/elasticsearch/ingest-user-agent-6.4.0.zip
[=================================================] 100%??
ERROR: elasticsearch directory is missing in the plugin zip

sm00thindian · September 19, 2018, 2:35pm

Path to your zip file is incorrect, make it simple and put the zip file in the /tmp directory
then use file:///tmp/ingest-user-agent-6.4.0.zip

-krw

Ganesh2303 · September 19, 2018, 2:38pm

Thanks,

After solving that i'm getting below error

Exception in thread "main" java.io.FileNotFoundException: /usr/tmp/elasticsearch/ingest-user-agent-6.4.0.zip (Not a directory)
        at java.io.FileInputStream.open0(Native Method)
        at java.io.FileInputStream.open(FileInputStream.java:195)
        at java.io.FileInputStream.<init>(FileInputStream.java:138)
        at java.io.FileInputStream.<init>(FileInputStream.java:93)
        at sun.net.www.protocol.file.FileURLConnection.connect(FileURLConnection.java:90)
        at sun.net.www.protocol.file.FileURLConnection.getInputStream(FileURLConnection.java:188)
        at org.elasticsearch.plugins.InstallPluginCommand.downloadZip(InstallPluginCommand.java:334)
        at org.elasticsearch.plugins.InstallPluginCommand.download(InstallPluginCommand.java:253)
        at org.elasticsearch.plugins.InstallPluginCommand.execute(InstallPluginCommand.java:221)
        at org.elasticsearch.plugins.InstallPluginCommand.execute(InstallPluginCommand.java:212)
        at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86)
        at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124)
        at org.elasticsearch.cli.MultiCommand.execute(MultiCommand.java:75)
        at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124)
        at org.elasticsearch.cli.Command.main(Command.java:90)
        at org.elasticsearch.plugins.PluginCli.main(PluginCli.java:48)

magnusbaeck · September 20, 2018, 1:26pm

https://www.elastic.co/guide/en/elasticsearch/plugins/6.4/ingest-user-agent.html

That's an ES plugin that the OP doesn't need. Use Logstash's useragent filter to parse useragent strings.

Ganesh2303 · September 20, 2018, 1:43pm

HI Magnusbaeck,
Initially i tried that way only but it doesnt work,

its contain the browser info "user_browserInfo"
useragent {

source =&gt; &quot;user_browserInfo&quot;

prefix =&gt; &quot;browserInfo_&quot;

}

am i doing any wrong

magnusbaeck · September 20, 2018, 2:46pm

Initially i tried that way only but it doesnt work,

What happens? What does an example event look like after processing (copy/paste raw JSON from Kibana)?

Ganesh2303 · September 20, 2018, 2:51pm

HI,
This is my json message,
`{"version":"1.0.0","environment":{"name":"1","hostName":"x","virtualMachine":"na","clusterName":"x","containerId":"na","containerName":"na","containerType":"JAVA"},"application":{"project":"na":"na","name":"na","type":"net"},"type":"REPORT","status":"Success","headers":{"httpStatusCode":200,"responseSize":0,"clientIp":"xx.x.x.x","referrerUrl":"na","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.81 Safari/537.36","saneId":"x.x.x.x","sessionToken":"na","publicGuid":"na","url":"na","requestMethod":"GET","locale":"na"},"responseTime":13,"timestamp":"2018-09-20T14:36:41.610Z","correlationId":"na","functionName":"/na","ervicesTimestamp":"2018-09-20T14:36:41.673Z"}

filter section,
json {
source => "message"
}
mutate{
add_field => {
"user_browser" => "%{headers.userAgent}"
}
}
useragent {
source => "user_browser"
prefix => "browserInfo_"
}

Ganesh2303 · September 20, 2018, 2:57pm

Issue is fixed now and now i can extract the browser data.

sm00thindian · September 27, 2018, 3:15pm

Thanks Magnus... my bad

system · October 25, 2018, 3:15pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Install ingest-user-agent on ELK Logstash	3	547	November 26, 2018
How i can download zip for ingest attachment plugin? Elasticsearch	5	2089	April 2, 2019
How to install/enable ingest-geoip and ingest-user-agent in ELK STACK 7.1 Elasticsearch	4	5078	July 16, 2019
Ingest-user-agent Elasticsearch	26	2418	August 29, 2018
Can't install ingest attachment plugin from zip file Elasticsearch	2	708	December 26, 2018

How bring the browser information using logstash

Related topics