uberAgent consists of two main components. The first, the actual agent, runs on the Windows machines you want monitored and sends the data it collects to Splunk, either directly or via Splunk’s Universal Forwarder. The second, implemented as Splunk apps, takes care of setting up the Splunk backend configuration and provides the dashboards through which you consume uberAgent’s data.


The Agent

uberAgent’s data-collecting component is a lightweight agent that can be run without the need for a locally installed Universal Forwarder. A typical footprint of less than 20 MB RAM, less than 0.3% CPU and no disk I/O at all (with diagnostic logging turned off) makes it truly unobtrusive on the monitored endpoints.

uberAgent does not rely on Windows performance counters but comes with its own metrics. Instead of raw data it gives you information that matters. A list of metrics can be found here.

The agent is highly configurable: metrics can be turned on or off, the data collection frequency can be chosen freely and information from irrelevant sources can be filtered out. This ensures that only data you really need is sent to Splunk for indexing.

The Splunk Apps

Two Splunk apps help process and visualize the data collected by the agent. One lives on Splunk indexers and simply creates uberAgent’s index and data input. The other is a dashboard app that implements the user interface, providing approximately 50 different views into the collected data.

Most dashboards are searchable and have extensive filtering capabilities to give you a fast and powerful way of isolating specific data. Time range pickers make it easy to go back to the exact time a problem occurred.

uberAgent makes full use of Splunk’s advanced user interface components to display a beautiful user interface that fluidly adapts to screen width and device type. As a result, it works as well on a smartphone as on a PC or Mac.

