How it works...

Let's break down the search piece by piece.

In this recipe, we used both the eval and replace commands for illustrative purposes. This approach absolutely works, but a better approach might be to use Splunk's lookup functionality to look up the useragent value and return the browser name and version. Lookups are covered in Chapter 7, Enriching Data – Lookups and Workflows.