User Agent

Parse Elastic Compatible

Synopsis

Parses user agent strings to extract information about the browser, operating system, and device.

Schema

user_agent:
  - field: <ident>
  - description: <text>
  - extract_device_type: <boolean>
  - if: <script>
  - ignore_failure: <boolean>
  - ignore_missing: <boolean>
  - on_failure: <processor[]>
  - on_success: <processor[]>
  - properties: <enum>
  - tag: <string>
  - target_field: <ident>

Configuration

Field	Required	Default	Description
`field`	Y	-	Field containing the user agent string
`description`	N	-	Explanatory note
`extract_device_type`	N	`false`	Extract device type information
`if`	N	-	Condition to run
`ignore_failure`	N	`false`	See Handling Failures
`ignore_missing`	N	`false`	If `true`, quietly exit if field doesn't exist
`on_failure`	N	-	See Handling Failures
`on_success`	N	-	See Handling Success
`properties`	N	all	Properties to include in output
`tag`	N	-	Identifier
`target_field`	N	`user_agent`	Field to store the parsed details

Details

The processor extracts key information including browser name and version, operating system details, and device platform. It handles a wide range of user agent formats and can store the parsed information in a structured format.

warning

Some user agents may be spoofed or contain incorrect information. The information is provided as reported without validating its accuracy.

Examples

Full User Agent

Parsing a detailed Chrome user agent...

{
  "agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
}

user_agent:
  - field: agent
  - target_field: user_agent

extracts all the available information:

{
  "user_agent": {
    "name": "Chrome",
    "version": "51.0.2704.103",
    "os": {
      "name": "Intel Mac OS X 10_10_5"
    },
    "device": {
      "name": "Macintosh"
    },
    "original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
  }
}

Invalid User Agents

Processing an invalid or unknown user agent...	`{ "agent": "InvalidUserAgent" }` `user_agent: - field: agent - ignore_failure: true`
preserves the original string:	`{ "user_agent": { "original": "InvalidUserAgent" } }`

Target Field

Storing the parsed details in a specific field...

{
  "browser": "Mozilla/5.0 (iPhone; CPU iPhone OS 14_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0 Mobile/15E148 Safari/604.1"
}

user_agent:
  - field: browser
  - target_field: browser_details
  - extract_device_type: true

includes the device information:

{
  "browser_details": {
    "name": "Safari",
    "version": "14.0",
    "os": {
      "name": "iOS 14.0"
    },
    "device": {
      "name": "iPhone"
    },
    "original": "Mozilla/5.0 (iPhone; CPU iPhone OS 14_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0 Mobile/15E148 Safari/604.1"
  }
}

Synopsis​

Schema​

Configuration​

Details​

Examples​

Full User Agent​

Invalid User Agents​

Target Field​