Skip to main content

vast limits GmbH and uberAgent are now part of Citrix, a business unit of Cloud Software Group. Learn more at


uberAgent 5.0.1: Splunk 7.1, Data Model Acceleration Auto-Skewing

  • by Helge Klein
  • May 3, 2018

We are happy to announce the newest version of our user experience and application performance monitoring product. uberAgent 5.0.1 adds support for Splunk 7.1 and brings many other improvements.

For a full list of changes, please consult the release notes. As always, upgrading is highly recommended (instructions).

Splunk 7.1

uberAgent now fully supports the significant user interface updates Splunk introduced in version 7.1.

Data Model Acceleration Auto-Skewing

This is something we are particularly proud of: “our” first feature suggestion got implemented in Splunk Enterprise.

uberAgent makes extensive use of accelerated data models for greatly enhanced dashboard search speed (for details see the blog posts to Helge’s Splunk .conf 2015 session).

Put simply, when a data model is accelerated, an additional index is built that is populated by searches that run every five minutes. Without the new auto-skewing feature, all data model acceleration searches were scheduled to run at exactly the same time, which would fail due to concurrency limitations. With version 7.1 Splunk learned to distribute the acceleration searches across the available time range. This promises to effectively get rid of skipped searches – and we are very happy to report that it does exactly that!

Auto-skewing is now enabled for uberAgent’s data model. It causes a (harmless) warning message on Splunk versions prior to 7.1 during a restart of Splunkd. To remove that, simply comment out the setting acceleration.allow_skew in datamodels.conf.

About uberAgent

The uberAgent product family offers innovative digital employee experience monitoring and endpoint security analytics for Windows and macOS.

uberAgent UXM highlights include detailed information about boot and logon duration, application unresponsiveness detection, network reliability drill-downs, process startup duration, application usage metering, browser performance, web app metrics, and Citrix insights. All these varied aspects of system performance and reliability are smartly brought together in the Experience Score dashboard.

uberAgent ESA excels with a sophisticated Threat Detection Engine, endpoint security & compliance rating, the uAQL query language, detection of risky activity, DNS query monitoring, hash calculation, registry monitoring, and Authenticode signature verification. uberAgent ESA comes with Sysmon and Sigma rule converters, a graphical rule editor, and uses a simple yet powerful query language instead of XML.

About vast limits

vast limits GmbH is the company behind uberAgent, the innovative digital employee experience monitoring and endpoint security analytics product. vast limits’ customer list includes organizations from industries like finance, healthcare, professional services, and education, ranging from medium-sized businesses to global enterprises. vast limits’ network of qualified solution partners ensures best-in-class service and support anywhere in the world.


Your email address will not be published. Required fields are marked *