Logstash wurfl_device_detection Filter Plugin

Pulse - Elasticsearch Operations Done Right

On this page

Syntax Example Use Case Common Issues and Best Practices Frequently Asked Questions

The wurfl_device_detection filter plugin for Logstash is used to parse user agent strings and detect mobile device characteristics. It leverages the WURFL (Wireless Universal Resource FiLe) database to provide detailed information about mobile devices, including screen size, browser capabilities, and device model.

Syntax

filter {
  wurfl_device_detection {
    source => "user_agent"
    target => "device_info"
    cache_size => 10000
    wurfl_file => "/path/to/wurfl.xml"
  }
}

For more details, refer to the official Logstash wurfl_device_detection filter plugin documentation.

Example Use Case

Suppose you're analyzing web server logs and want to enrich your data with mobile device information. Here's an example configuration:

filter {
  grok {
    match => { "message" => "%{COMBINEDAPACHELOG}" }
  }
  wurfl_device_detection {
    source => "agent"
    target => "device_info"
    cache_size => 10000
    wurfl_file => "/etc/logstash/wurfl.xml"
  }
}

This configuration parses Apache logs and then uses the wurfl_device_detection filter to add device information based on the user agent string.

Common Issues and Best Practices

  1. Ensure that you have the latest WURFL database file for accurate device detection.
  2. The cache_size parameter can significantly impact performance. Adjust it based on your needs and available memory.
  3. Regularly update the WURFL database to keep up with new devices and user agents.
  4. Be aware that processing large volumes of logs with this filter can be resource-intensive.

Frequently Asked Questions

Q: How often should I update the WURFL database?
A: It's recommended to update the WURFL database at least monthly to ensure accurate device detection for new mobile devices and user agents.

Q: Can I use this plugin for non-mobile user agents?
A: While the plugin is primarily designed for mobile device detection, it can provide some information for desktop browsers as well. However, the level of detail may be limited compared to mobile devices.

Q: How does the cache_size parameter affect performance?
A: A larger cache_size can improve performance by reducing the need to re-parse frequently seen user agents, but it also increases memory usage. Find the right balance for your specific use case.

Q: Is a license required to use the WURFL database?
A: Yes, WURFL requires a license for commercial use. Make sure you comply with the licensing terms when using this plugin in production environments.

Q: Can I customize which device properties are extracted?
A: The wurfl_device_detection plugin extracts a predefined set of properties. If you need custom properties, you may need to post-process the results or consider alternative solutions.

Pulse - Elasticsearch Operations Done Right

Pulse can solve your Elasticsearch issues

Subscribe to the Pulse Newsletter

Get early access to new Pulse features, insightful blogs & exclusive events , webinars, and workshops.

We use cookies to provide an optimized user experience and understand our traffic. To learn more, read our use of cookies; otherwise, please choose 'Accept Cookies' to continue using our website.