Hello Splunk Masters,
I'm working on a radial gauge that will show successful IIS requests. I need to be able to build out a search to separate results by either Android or iOS. Here's an example of how we build out the user agent:
userAgent = "$a/$b (Linux; Android $c; $d; $e) Mobile App"
With Parameters:
• $a = App Name (varies per app)
• $b = App Version
• $c = Android Version
• $d = User Language
• $e = Device Model
Live example in use: AwesomeMobileApp/9.5.9 (iPhone OS 9.3.2; iPhone7,2) Mobile App
Search Example:
sourcetype=iis_logs UserAgent=awesomemobileapp* | stats count as total count(eval(http_status<400)) as success | eval perc=success/total*100 | fields perc
Right now, the above search works great for getting both iOS and Android, but I really need to be able to split it between the two.
Thanks,
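
Added example, not part of the original post: one way to split the success percentage by platform is to classify each event from its `UserAgent` value before the `stats` call. The `platform` field name and both regular expressions are assumptions based on the two user-agent samples in the post; `.` stands in for the space in "iPhone OS" because IIS W3C logs normally write spaces in the user agent as `+`.

```spl
sourcetype=iis_logs UserAgent=awesomemobileapp*
| eval platform=case(
    match(UserAgent, "(?i)Android"), "Android",
    match(UserAgent, "(?i)iPhone.OS"), "iOS",
    true(), "Other")
| stats count as total count(eval(http_status<400)) as success by platform
| eval perc=round(success/total*100, 2)
| fields platform perc
```

A radial gauge takes a single value, so each gauge would add `| where platform="Android"` (or `"iOS"`) after the `eval platform=...` step. A non-zero "Other" row means some clients send a user agent that matches neither pattern, and the patterns need widening.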