Skip to main content

vast limits GmbH and uberAgent are now part of Citrix, a business unit of Cloud Software Group. Learn more at


uberAgent 7 Preview: Performance Counter Monitoring Dashboard, Wildcards

  • by Helge Klein
  • June 8, 2022

While we’re finalizing version 7.0 of our digital employee experience monitoring & endpoint security analytics products uberAgent UXM and uberAgent ESA, let’s take a look at another cool new feature: reimplemented Windows performance counter monitoring, with an intuitive Splunk dashboard and support for wildcards.


While uberAgent always had support for collecting Windows performance counter values, we’ve significantly expanded the breadth and depth of this feature:

  • Wildcard support
  • Splunk dashboard with intuitive filtering & visualizations
  • Support for counters that can only be collected at the end of an interval

Why Monitor Windows Performance Counters?

uberAgent collects a large number of metrics out of the box. These native uberAgent metrics are often more relevant than what is available via Windows performance counters. However, there are situations where you may want to complement uberAgent’s native metrics with additional data, e.g.:

  • You need OS data that is too specific to be included in uberAgent’s default configuration.
  • You need application data for your in-house line-of-business application.

What’s New?

Let’s take a look at what’s new with performance counter monitoring in uberAgent 7.0.

Splunk Dashboard

The new Windows Performance Counters Splunk dashboard visualizes the collected performance counter data. As you can see in the screenshot above, you can compare one host’s counter values with any other host’s as well as with the average of all hosts.

The dashboard also provides access to the collected numerical performance counter values, either as average, median, maximum, minimum, or median values over the selected time range.


uberAgent now supports wildcards for performance counter instance names. This makes it possible to collect data for all physical disks individually regardless of the number of disks that are present in a machine:

Name         = Disk performance counters
Interval     = 60000
Perf counter = \PhysicalDisk(*)\Avg. Disk Read Queue Length
Perf counter = \PhysicalDisk(*)\Avg. Disk Write Queue Length

In the example above, we configured a timer to collect the average read and write queue lengths for all physical disks every 60 s.

End-of-Interval Counter Values

In earlier versions, uberAgent could only collect point-in-time values, e.g., a process’ handle count. Many counters are of a different nature, though: before data can be collected, they need to be initialized. For every subsequent call, the counter then provides a value for the interval between the previous and the current API call. The average disk queue length (see above) is an example of such an end-of-interval counter. uberAgent now auto-detects whether a counter is point-in-time or end-of-interval and always calculates counter values correctly.

About uberAgent

The uberAgent product family offers innovative digital employee experience monitoring and endpoint security analytics for Windows and macOS.

uberAgent UXM highlights include detailed information about boot and logon duration, application unresponsiveness detection, network reliability drill-downs, process startup duration, application usage metering, browser performance, web app metrics, and Citrix insights. All these varied aspects of system performance and reliability are smartly brought together in the Experience Score dashboard.

uberAgent ESA excels with a sophisticated Threat Detection Engine, endpoint security & compliance rating, the uAQL query language, detection of risky activity, DNS query monitoring, hash calculation, registry monitoring, and Authenticode signature verification. uberAgent ESA comes with Sysmon and Sigma rule converters, a graphical rule editor, and uses a simple yet powerful query language instead of XML.

About vast limits

vast limits GmbH is the company behind uberAgent, the innovative digital employee experience monitoring and endpoint security analytics product. vast limits’ customer list includes organizations from industries like finance, healthcare, professional services, and education, ranging from medium-sized businesses to global enterprises. vast limits’ network of qualified solution partners ensures best-in-class service and support anywhere in the world.


Your email address will not be published. Required fields are marked *