NOTE: The data source for this add-on has moved to a subscription service. I
do not plan on updating the add-on for them. This is the last release to remove
the pyc files for use in Splunk Cloud.
To install:
Untar the TA-uas_parser.tar.gz file in your $SPLUNK_HOME/etc/apps
diectory.
Change to the $SPLUNK_HOME/etc/apps/TA-uas_parser/bin directory
Run "python update_cache.py" to download the data used to generate the
fields.
Restart Splunk.
To use:
The lookup expects a field named "http_user_agent". In the search bar,
you can run something like:
index=webdata | lookup uas_lookup http_user_agent
This should produce the additional fields.
NOTE: The data source for this add-on has moved to a subscription service. I
do not plan on updating the add-on for them. This is the last release to remove
the pyc files for use in Splunk Cloud.
As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps from Splunk, our partners and our community. Find an app for most any data source and user need, or simply create your own with help from our developer portal.