In uberAgent 3.6 we have added experimental support for sending data directly to Elasticsearch. In addition, uberAgent now generates a unique GUID for each process and user session. These GUIDs can optionally be logged at process start along with the full path and command line. Identifying process instances by GUID is particularly relevant for security use cases because Windows reuses process and session IDs. This release also contains several other improvements and bug fixes. As always, upgrading is highly recommended.
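Why ID reuse matters when correlating events, as an added example (not uberAgent code): the events and field names below are constructed and hypothetical, not uberAgent's schema. Joining on PID makes two unrelated processes indistinguishable, a time-window repair works only when no lifecycle event is lost, and a per-instance GUID keeps the instances apart.

```python
"""Correlating process events by PID versus per-instance GUID."""

# Constructed sample events; field names are hypothetical, not uberAgent's schema.
EVENTS = [
    {"time": 100, "kind": "start", "pid": 4120, "guid": "A1", "name": "outlook.exe"},
    {"time": 130, "kind": "net", "pid": 4120, "guid": "A1", "dest": "mail.example.com"},
    {"time": 200, "kind": "stop", "pid": 4120, "guid": "A1"},
    # Windows hands the freed PID to an unrelated process.
    {"time": 260, "kind": "start", "pid": 4120, "guid": "B2", "name": "powershell.exe"},
    {"time": 275, "kind": "net", "pid": 4120, "guid": "B2", "dest": "198.51.100.23"},
]


def attribute(events, key):
    """Map each network destination to candidate process names by joining on `key`."""
    starts = {}
    for ev in events:
        if ev["kind"] == "start":
            starts.setdefault(ev[key], set()).add(ev["name"])
    return {
        ev["dest"]: sorted(starts.get(ev[key], ()))
        for ev in events
        if ev["kind"] == "net"
    }


def attribute_by_pid_with_time(events):
    """PID join repaired with start/stop windows.

    Correct only if every start and stop event was collected; a dropped
    event silently attributes activity to the previous owner of the PID.
    """
    live, out = {}, {}
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["kind"] == "start":
            live[ev["pid"]] = ev["name"]
        elif ev["kind"] == "stop":
            live.pop(ev["pid"], None)
        elif ev["kind"] == "net":
            out[ev["dest"]] = live.get(ev["pid"])
    return out


if __name__ == "__main__":
    print("by pid   :", attribute(EVENTS, "pid"))
    print("by guid  :", attribute(EVENTS, "guid"))
    print("pid+time :", attribute_by_pid_with_time(EVENTS))
```

With the stop and second start events removed from the sample, the time-window variant attributes the second connection to outlook.exe, while the GUID join returns no candidate instead of a wrong one.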
What is Elasticsearch?
Elasticsearch is a search server based on Lucene. It provides a distributed, multitenant-capable full-text search engine with an HTTP web interface and schema-free JSON documents. Elasticsearch is developed in Java and is released as open source under the terms of the Apache License. Elasticsearch is the most popular enterprise search engine followed by Apache Solr, also based on Lucene.
What Does “Experimental Support” Mean, Exactly?
uberAgent can now send data to Elasticsearch. To make that happen we added HTTP(S) data transport capabilities along with the necessary JSON formatting to enable Elasticsearch to correctly parse uberAgent data. At this point, that is it. Most notably, there are no dashboards. If you want to work with uberAgent for Elasticsearch, you need to create your own. Hint: most people use Kibana, but you probably know that already.
Why Support Elasticsearch?
Elasticsearch has made great progress in the past few years. It certainly is not as polished and perfectly integrated as Splunk, but it seems to be capable of handling uberAgent’s data quite well. With this experimental feature we want to gauge interest. Is this something people want? Please let us know. Play with it, build upon it, use it!
Try it Out!
Here is a guide to help you get started installing and configuring Elasticsearch & Kibana.
uberAgent is an agent for Windows end-user computing, focused on user experience and application performance monitoring. Its highlights include detailed information about boot and logon duration (showing why and when boots/logons are slow), network latency per target and process, process startup duration, application usage metering, browser performance per website and remoting protocol insights.
About vast limits
vast limits develops enterprise-grade tools for administrators. These include uberAgent (user experience and application performance monitoring), Delprof2 (profile deletion), SetACL and SetACL Studio (permissions management). Our tools have been downloaded more than half a million times and are used by enterprises worldwide.
Our founder, Helge Klein, is an experienced consultant and developer. As a consultant he has worked in Windows and Citrix projects for large corporations. As a developer he architected the user profile management product whose successor is now available as Citrix Profile Management. In 2009 Helge received the Citrix Technology Professional (CTP) award, in 2011 he was nominated a Microsoft Most Valuable Professional (MVP), in 2014 he was a Splunk Revolution Award Winner, in 2015 he became a VMware vExpert. Helge can be found on Twitter as @HelgeKlein. He frequently presents at conferences and user group events like Citrix Synergy, Splunk .conf, BriForum or E2EVC.