kite-morphlines-useragent
userAgent
The userAgent
command (source code) parses a user agent string and returns
structured higher level data like user agent family, operating system, version, and device
type, using the underlying API and regexes.yaml BrowserScope database from ua-parser.
The command provides the following configuration options:
Property Name | Default | Description |
---|---|---|
inputField | n/a | The name of the input field that contains zero or more user agent strings. |
outputFields | [] | A JSON object containing zero or more user agent mappings. Each mapping consists of a record output field name (on the left side of the colon ':') as well as an expression (on the right hand side). An expression consists of a concatenation of zero or more literal strings or components of the form @{componentName}. Example mapping: myOutputField : "@{ua_family}/@{ua_major}.@{ua_minor}.@{ua_patch}". The following components are available: ua_family, ua_major, ua_minor, ua_patch, os_family, os_major, os_minor, os_patch, os_patch_minor, device_family. If a component resolves to null or the empty string the preceding string separator, if any, is suppressed. |
database | null | The (optional) relative or absolute path of a regexes.yaml database file on the local file system. The default is to use the standard regexes.yaml database file that ships embedded inside of the ua-parser-*.jar. Example: /path/to/regexes.yaml |
Example usage:
userAgent {
inputField : user_agents
outputFields : {
ua_family : "@{ua_family}"
device_family : "@{device_family}"
ua_family_and_version : "@{ua_family}/@{ua_major}.@{ua_minor}.@{ua_patch}"
os_family_and_version : "@{os_family} @{os_major}.@{os_minor}.@{os_patch}"
}
}
Example input:
user_agents : Mozilla/5.0 (iPhone; CPU iPhone OS 5_1_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B206 Safari/7534.48.3
Expected output:
ua_family : Mobile Safari
device_family : iPhone
ua_family_and_version : Mobile Safari/5.1
os_family_and_version : iOS 5.1.1