Skip to main content

vast limits GmbH and uberAgent are now part of Citrix, a business unit of Cloud Software Group. Learn more at


Resources for Learning uberAgent & Splunk

  • by Martin Kretzschmar
  • February 12, 2019

Hello, my Name is Martin. Let me start by giving you a quick introduction about myself before talking about the resources I used to get started with uberAgent and Splunk.

Like some of my colleagues, I live near Cologne, Germany. I joined vast limits, the company behind uberAgent, about a month ago. For the past 10 years, I spent a great part of my work life with Microsoft, Citrix and VMware technologies. The main focus was on planning, design and continuous improvement of implementations for customers and colleagues, using products like Citrix Virtual Apps and Desktops heavily.

With my new position as a Customer Success Engineer, my claim, to provide the customer with the best possible user experience, has not changed. What has changed though, are the products and technologies that make this possible.

Where to Start

uberAgent and Splunk crossed my path in the past now and then, but there was never any real opportunity to get in touch with these products in detail. I used the last few weeks to deepen my knowledge and came across several resources, which I want to share with you.


Let us start with uberAgent.

What I found to be the best resource is at the same time the one that is available to everybody. I am talking about our product documentation, which you can find here. It covers all topics from Quickstart over Installation to Advanced Topics, like optimizing data volume, just to name a few. We do also offer webinars and slides exclusively for our partners, which helped me a lot. Some of that content is also available to the public. For example, have a look at our video uberAgent explained in three minutes to get an idea what uberAgent can do for you.

What really got my attention is the User Logon Duration Dashboard. I know from personal experience that every Citrix administrator out there had to justify the “Citrix is slow” complaint at least once. And I think your prayers have been heard. Just have a look at this user logon data.

Dashboard User Logon Duration Group Policy CSEs and GPOs

Dashboard User Logon Duration Logon Process Performance

You can drill down into every single logon even to a process dependency level. In this case we probably should have a look at the drive mappings.


On the Splunk side, I want to point out three locations to check out.

Your first stop should be the Splunk Training and Certification site, which offers a wide range of further education. You will find a combination of free and paid content. Speaking of free, I want to recommend two courses specifically. First up, the trainings are self-paced, so you can take them anytime. They offer a mixture of different content, including Instructor on Demand (IoD) videos, hands-on challenges, and quizzes to check on your learning progress.

The first course is Splunk Infrastructure Overview. This will give you an overview of the Splunk Enterprise infrastructure and a look at how to grow a Splunk deployment. With best practices for deploying, extending and integrating Splunk. The second one is called Splunk Fundamentals I and focuses on how to search and navigate in Splunk. It covers reports, dashboards, lookups, and alerts and will also introduce you to Splunk’s datasets features and Pivot interface.

The second resource is a rather classic learning approach. It is a book, but also available as PDF and other mobile readable formats. It is very well written, easy to understand, with real-life examples and a perfect way to recapitulate and consolidate what you have learned so far. You can download your copy of Exploring Splunk for free here.

Last but not least have a look at the Splunk documentation, as well as the Splunk forum. Anytime you want to know more about a Splunk topic, there is a good chance that it has already been documented or discussed.


I highly encourage you to set up a local development environment with uberAgent and Splunk. A free trial version is available for Splunk and we are always happy to send out free community licenses. The installation is done in minutes and you can start analyzing your data right afterwards.

At this point, I would like to thank all of my colleagues for their great support in my first weeks here at vast limits.

About uberAgent

The uberAgent product family offers innovative digital employee experience monitoring and endpoint security analytics for Windows and macOS.

uberAgent UXM highlights include detailed information about boot and logon duration, application unresponsiveness detection, network reliability drill-downs, process startup duration, application usage metering, browser performance, web app metrics, and Citrix insights. All these varied aspects of system performance and reliability are smartly brought together in the Experience Score dashboard.

uberAgent ESA excels with a sophisticated Threat Detection Engine, endpoint security & compliance rating, the uAQL query language, detection of risky activity, DNS query monitoring, hash calculation, registry monitoring, and Authenticode signature verification. uberAgent ESA comes with Sysmon and Sigma rule converters, a graphical rule editor, and uses a simple yet powerful query language instead of XML.

About vast limits

vast limits GmbH is the company behind uberAgent, the innovative digital employee experience monitoring and endpoint security analytics product. vast limits’ customer list includes organizations from industries like finance, healthcare, professional services, and education, ranging from medium-sized businesses to global enterprises. vast limits’ network of qualified solution partners ensures best-in-class service and support anywhere in the world.


Your email address will not be published. Required fields are marked *