Visitor user agent information

sandikata · September 30, 2020, 1:51pm

Hello!

I am trying to separate in fields the useragent information, i've followed instructions from

Everything looks good, but when i check in kibana frontend, everything is still on same line, not separated as expected.

root@elastic-master /usr/share/elasticsearch # curl -X PUT -u elastic:************"192.168.56.202:9200/_ingest/pipeline/user_agent?pretty" -H 'Content-Type: application/json' -d' 
{
  "description" : "Add user agent information",
  "processors" : [
    {
      "user_agent" : {
        "field" : "agent"
      }
    }
  ]
}
'
{
  "acknowledged" : true
}

root@elastic-master /usr/share/elasticsearch # curl -X PUT -u elastic:***************** "192.168.56.202:9200/my-index-000001/_doc/my_id?pipeline=user_agent&pretty" -H 'Content-Type: application/json' -d'
{
  "agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
}                 
'    
{
  "_index" : "my-index-000001",
  "_type" : "_doc",
  "_id" : "my_id",
  "_version" : 1,
  "result" : "created",
  "_shards" : {
    "total" : 2,
    "successful" : 2,
    "failed" : 0
  },
  "_seq_no" : 0,
  "_primary_term" : 89
}

root@elastic-master /usr/share/elasticsearch # curl -X GET -u elastic:************* "192.168.56.202:9200/my-index-000001/_doc/my_id?pretty" 
{
  "_index" : "my-index-000001",
  "_type" : "_doc",
  "_id" : "my_id",
  "_version" : 1,
  "_seq_no" : 0,
  "_primary_term" : 89,
  "found" : true,
  "_source" : {
    "agent" : "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36",
    "user_agent" : {
      "original" : "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36",
      "os" : {
        "name" : "Mac OS X",
        "version" : "10.10.5",
        "full" : "Mac OS X 10.10.5"
      },
      "name" : "Chrome",
      "device" : {
        "name" : "Mac"
      },
      "version" : "51.0.2704.103"
    }
  }
}

It works only on new index, but on existing it won't, or i am supposed to check tomorrow on new indicies?

warkolm · September 30, 2020, 9:40pm

Did you try to refresh your index pattern in Kibana?

sandikata · October 1, 2020, 4:47am

I did, and no change at all. Still same like before, in one line. Even new indexes hasn't been changed.

sandikata · October 2, 2020, 11:35am

? Is it there something else hidden which is not mentioned in documentation?

sandikata · October 5, 2020, 5:59am

I've found something, but it not work always, or maybe depend on log format.

sandikata · October 14, 2020, 11:23am

Fixed by adding user_agent block in logstash grok filter

system · November 11, 2020, 11:23am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Indexing User-Agent data Elasticsearch	8	527	June 27, 2020
Unnesting user_agent fields using ingest processor Elasticsearch	2	328	April 22, 2019
User Agent Raw Mapping Logstash	5	901	July 6, 2017
Install ingest-user-agent on ELK Logstash	3	547	November 26, 2018
Search on pipelines user-agent fields Elasticsearch	4	471	May 22, 2020

Visitor user agent information

Related topics