simonw/splunk_user_agents.py

## splunk_user_agents.py
browser_mapping = (
    ('MSIE 7.*Trident/4.0', 'Internet Explorer 8.0'),
    ('MSIE 6.0',     'Internet Explorer 6.0'),
    ('MSIE 7.0',     'Internet Explorer 7.0'),
    ('MSIE 8.0',     'Internet Explorer 8.0'),
    ('MSIE 9.0',     'Internet Explorer 9.0'),
    ('MSIE 10.0',           'Internet Explorer 10.0'),
    ('Trident/7.0; rv:11.0','Internet Explorer 11.0'),
    ('droid',               'Android'),
    ('Chrome',              'Chrome'),
    ('Mobile.*Safari',      'Safari - mobile'),
    ('i(pod|pad|phone).*(Safari|AppleWebKit)', 'Safari - mobile'),
    ('Safari/',             'Safari'),
    ('iTunes',              'iTunes'),
    ('Firefox/16',       'Firefox 16'),
    ('Firefox/24',       'Firefox 24'),
    ('Firefox/30',       'Firefox 30'),
    ('Firefox/31',       'Firefox 31'),
    ('Firefox/32',       'Firefox 32'),
    ('Firefox/33',       'Firefox 33'),
    ('Firefox/34',       'Firefox 34'),
    ('Firefox/35',       'Firefox 35'),
    ('Firefox/(\d+)',       'Firefox %s'),
    ('MSIE 5.00',           'Internet Explorer 5.0'),
    ('MSIE',                'Internet Explorer - Other'),
    ('AppleWebKit',         'Safari'),
    ('Google Update',       'Google Update'),
    ('Opera Mini',          'Opera Mini'),
    ('Opera',               'Opera'),
    ('urlgrabber/.* yum',   'yum'),
    ('BlackBerry',          'Blackberry'),
    ('Googlebot',           'Googlebot'),
    ('Baiduspider',         'Baidubot'),
    ('NING/\d',             'Ning'),
    ('msnbot/\d',           'msnbot'),
    ('gsa-crawler',         'Google Search Appliance'),
    ('Ezooms/\d',           'Ezooms'),
    ('bingbot',             'bingbot'),
    ('YandexBot',           'yandexbot'),
    ('Genieo',              'genieo'),
    ('Apple-PubSub',        'Apple PubSub'),
    ('Java/\d',             'Java'),
    ('Warp (\S+)',          'Warp %s'),
    ('wOSBrowser/(\S+)',    'webOS Browser %s'),
    ('SeaMonkey/(\S+)',     'SeaMonkey %s'),
)
matches = []
for regex, browser in browser_mapping:
    matches.append(
        'match(user_agent, "%s"), "%s"' % (regex, browser)
    )

print 'eval browser = case(%s)' % (', '.join(matches))
	browser_mapping = (
	('MSIE 7.*Trident/4.0', 'Internet Explorer 8.0'),
	('MSIE 6.0', 'Internet Explorer 6.0'),
	('MSIE 7.0', 'Internet Explorer 7.0'),
	('MSIE 8.0', 'Internet Explorer 8.0'),
	('MSIE 9.0', 'Internet Explorer 9.0'),
	('MSIE 10.0', 'Internet Explorer 10.0'),
	('Trident/7.0; rv:11.0','Internet Explorer 11.0'),
	('droid', 'Android'),
	('Chrome', 'Chrome'),
	('Mobile.*Safari', 'Safari - mobile'),
	('i(pod\|pad\|phone).*(Safari\|AppleWebKit)', 'Safari - mobile'),
	('Safari/', 'Safari'),
	('iTunes', 'iTunes'),
	('Firefox/16', 'Firefox 16'),
	('Firefox/24', 'Firefox 24'),
	('Firefox/30', 'Firefox 30'),
	('Firefox/31', 'Firefox 31'),
	('Firefox/32', 'Firefox 32'),
	('Firefox/33', 'Firefox 33'),
	('Firefox/34', 'Firefox 34'),
	('Firefox/35', 'Firefox 35'),
	('Firefox/(\d+)', 'Firefox %s'),
	('MSIE 5.00', 'Internet Explorer 5.0'),
	('MSIE', 'Internet Explorer - Other'),
	('AppleWebKit', 'Safari'),
	('Google Update', 'Google Update'),
	('Opera Mini', 'Opera Mini'),
	('Opera', 'Opera'),
	('urlgrabber/.* yum', 'yum'),
	('BlackBerry', 'Blackberry'),
	('Googlebot', 'Googlebot'),
	('Baiduspider', 'Baidubot'),
	('NING/\d', 'Ning'),
	('msnbot/\d', 'msnbot'),
	('gsa-crawler', 'Google Search Appliance'),
	('Ezooms/\d', 'Ezooms'),
	('bingbot', 'bingbot'),
	('YandexBot', 'yandexbot'),
	('Genieo', 'genieo'),
	('Apple-PubSub', 'Apple PubSub'),
	('Java/\d', 'Java'),
	('Warp (\S+)', 'Warp %s'),
	('wOSBrowser/(\S+)', 'webOS Browser %s'),
	('SeaMonkey/(\S+)', 'SeaMonkey %s'),
	)
	matches = []
	for regex, browser in browser_mapping:
	matches.append(
	'match(user_agent, "%s"), "%s"' % (regex, browser)
	)

	print 'eval browser = case(%s)' % (', '.join(matches))