Hello,
My Logstash version is 7.7.1.
I use the Logstash user agent to parse the URL, but I can't get the user agent OS with version.
I got the parse info as below:
"name" => "Firefox",
"os_name" => "Windows",
"original" => "Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.9.2) Gecko/20100115 Firefox/3.6",
"minor" => "6",
"os" => "Windows",
"major" => "3",
I use the Elasticsearch urldecode processor to parse the URL:
PUT _ingest/pipeline/user_agent
{
  "description" : "Add user agent information",
  "processors" : [
    {
      "user_agent" : {
        "field" : "agent"
      }
    }
  ]
}
PUT my_index/_doc/my_id?pipeline=user_agent
{
  "agent": "Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.9.2) Gecko/20100115 Firefox/3.6"
}
GET my_index/_doc/my_id
The result is:
{
  "_index" : "my_index",
  "_type" : "_doc",
  "_id" : "my_id",
  "_version" : 1,
  "_seq_no" : 8,
  "_primary_term" : 1,
  "found" : true,
  "_source" : {
    "agent" : "Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.9.2) Gecko/20100115 Firefox/3.6",
    "user_agent" : {
      "original" : "Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.9.2) Gecko/20100115 Firefox/3.6",
      "os" : {
        "name" : "Windows",
        "version" : "XP",
        "full" : "Windows XP"
      },
      "name" : "Firefox",
      "device" : {
        "name" : "Other"
      },
      "version" : "3.6."
    }
  }
}
I checked the Elasticsearch file; it uses the same regexes.yaml as Logstash to parse the URL. Why is the result different?
The right parse would be:
"os" => "Windows XP"