Invalid User Agent String

(Anush Shukla) #1

We have observed that the user agent string (user_agent.original field name) in kibana logs is showing as


for all or any web view browsers instead of the actual user agent string.

To verify and confirm it, we have started sending the user agent string in tags of the APM transactional RUM events at client side to verify the same which we did (please refer the below screenshot).

Please help us in resolving this issue which we are facing!

(Tyler Smalley) #2

Can you confirm this data is coming from the an APM agent, if so, which one?

(Anush Shukla) #3

@tylersmalley, Yes it is coming from APM agent after we added the below configuration

`apm-server.register.ingest.pipeline.enabled: true

  • pipeline: "apm_user_agent"`

to apm-server.yml.

(Tyler Smalley) #4

I am going to move this to the APM group, someone there should be able to provide some more help

1 Like
(Silvia Mitter) #5

This indeed looks suspicious. There are currently two ways how the APM Server enriches data with the UserAgent information: It either parses the information directly from the User-Agent header from the agent request, or in case the ndjson body sent by the agent includes a User-Agent in the context.request.headers, this information is set as user_agent.original.

You mention you added the UserAgent as label. Where did you parse the information from, is it sent as headers with the agent request?

(Anush Shukla) #6

@simitt thank you for looking into this. With reference to the screenshot above in the question, the labels.userAgent value is being sent from the browser's user agent from the client side by adding it in the tags during the APM RUM transaction events. Let me know if more information is required from my side.

(Silvia Mitter) #7

The APM Server doesn't process this information from labels, but either from the headers that are sent by the agent, or from whatever is sent within context.request.headers under user-agent. You should be able to find the headers in your APM Server logs. Can you confirm that the user agent information there is the same as the one you are sending in the labels?

Which versions of Elasticsearch, APM Server and the RUM agent are you running?