Skip to main content

uberAgent 4.2: Splunk 7.0, Simplified Operations, Elasticsearch Improvements

  • by Helge Klein
  • October 16, 2017

We are happy to announce the newest version of our user experience and application performance monitoring product. uberAgent 4.2 brings new features and improvements for any kind of device.

For a full list of all improvements and bugfixes please consult the change log. As always, upgrading is highly recommended (instructions).

Splunk 7.0

uberAgent 4.2 adds full support for the latest version 7.0 of Splunk Enterprise and Splunk Cloud.

Central License File Management

Before uberAgent 4.2 license files had to be distributed along with the agent installation package. That was easy in environments with a single master image file, like Citrix PVS. Customers with tens of thousands of laptops, however, found it a lot harder to roll out new licenses to their endpoints.

uberAgent 4.2 greatly simplifies license file management. All you have to do is set up a file share with read permissions for computer accounts, drop your uberAgent license there and configure the share path in uberAgent’s new configuration option LicenseFilePath. Endpoints will periodically check LicenseFilePath for new licenses. If any are found that are not yet cached locally, the new license files are copied to the local license cache directory.

There is no need for the configured license file path to be available all of the time. Endpoints always use the local license cache for license validation. Of course, there is no requirement to set up a central license file path, either. If deploying the license file along with the agent installation package works for you: great, you are all set.

Elasticsearch Improvements

uberAgent 4.2 comes with important improvements for our Elasticsearch customers.


uberAgent now supports X-Pack authentication. This ensures that only validated endpoints can send data to the backend.

Ingest Pipelines

The ability to modify and enrich data before the indexing stage adds a great deal of flexibility to the Elasticsearch platform. Customers can new reference their ingest pipelines from uberAgent so that uberAgent data traverses the pipeline before being indexed.

More Improvements

Custom Scripts

uberAgent’s custom script execution engine, capable of running user-supplied scripts in machine or user context, now supports Elasticsearch as well as Splunk HTTP Event Collector (HEC) backends.

Monitor Inventory

uberAgent’s hardware inventory now collects information about the physical monitors attached to the machine along with their respective resolutions.

About uberAgent

uberAgent is an innovative Windows and macOS user experience monitoring (UXM) and endpoint security analytics (ESA) product.

uberAgent UXM highlights include detailed information about boot and logon duration, application unresponsiveness detection, network reliability drill-downs, process startup duration, application usage metering, browser performance, web app metrics, and Citrix insights. All these varied aspects of system performance and reliability are smartly brought together in the Experience Score dashboard.

uberAgent ESA excels with a sophisticated activity monitoring engine, the uAQL query language, detection of risky activity, DNS query monitoring, hash calculation, registry monitoring, and Authenticode signature verification. uberAgent ESA comes with Sysmon and Sigma rule converters, a graphical rule editor, and uses a simple yet powerful query language instead of XML.

About vast limits

vast limits GmbH is the company behind uberAgent, the innovative user experience monitoring and endpoint security analytics product. vast limits’ customer list includes organizations from industries like finance, healthcare, professional services, and education, ranging from medium-sized businesses to global enterprises. vast limits’ network of qualified solution partners ensures best-in-class service and support anywhere in the world.


Your email address will not be published. Required fields are marked *