This documentation does not apply to the most recent version of uberAgent. Click here for the latest version.
Application and Process Performance Metrics
Process Detail
uberAgent collects metric per application/process like user and domain, CPU usage, RAM usage as well as network latency and throughput.
Note: processes are auto-grouped into applications, i.e. the application name is determined automatically without requiring any configuration. Information on how this works is available here.
Details
- Source type: uberAgent:Process:ProcessDetail
- Used in dashboards: Process Performance, Application Performance, Machine Performance, Application Usage, Process GPU, Single Machine Detail, Single Application Detail, Single User Detail, Analyze data over time
- Enabled through configuration setting: ProcessDetailTop5 or ProcessDetailFull
- Related configuration settings: [ProcessToApplicationMapping], [ApplicationMappingIgnoredProcesses], [ProcessDetailFull_Filter], [ProcessDetail_SendCommandline], [ProcessStartupSettings]
List of Fields in the Raw Agent Data
| Field | Description | Data type | Unit | Measurement type | Example |
|---|---|---|---|---|---|
| ProcName | Process name | String | Snapshot | chrome.exe | |
| ProcCPUTimeMs | Process CPU time | Number | ms | Sum | 5000 |
| ProcCPUPercent | Process CPU usage | Number | % | Average | 12 |
| ProcIOPSRead | Process I/O read operations | Number | Average | 200 | |
| ProcIOPSWrite | Process I/O write operations | Number | Average | 200 | |
| ProcIOReadCount | Count of process I/O read operations | Number | Count | 100 | |
| ProcIOWriteCount | Count of process I/O write operations | Number | Count | 100 | |
| ProcIOReadMB | Amount of process I/O read operations data volume | Number | MB | Sum | 150 |
| ProcIOWriteMB | Amount of process I/O write operations data volume | Number | MB | Sum | 150 |
| ProcIOLatencyReadMs | Process I/O read operations latency | Number | ms | Average | 300 |
| ProcIOLatencyWriteMs | Process I/O write operations latency | Number | ms | Average | 300 |
| ProcWorkingSetMB | Process consumed RAM | Number | MB | Snapshot | 100 |
| ProcNetKBPS | Process generated network traffic | Number | KB | Sum | 500 |
| ProcUser | Process user | String | Snapshot | Domain\JohnDoe | |
| ProcGpuComputePercent | Process GPU compute usage | Number | % | Average | 20 |
| ProcGpuMemMB | Process GPU memory usage | Number | MB | Average | 150 |
| AppId | Associated application ID. Used by uberAgent to lookup application names and populate field AppName. | String | Snapshot | GglChrm | |
| AppVersion | Application version | String | Snapshot | 67.0.3396.99 | |
| ProcID | Process ID | Number | Snapshot | 456 | |
| ProcCmdline | Full commandline the process was launched with | String | Snapshot | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe –url http://vastlimits.com | |
| ProcGUID | Unique identifier that is generated by uberAgent when the process is started | String | Snapshot | 00000000-ebe5-469c-63ae-f5a1de28d401 | |
| ProcGpuEngineMostUsed | The number of the most used GPU engine (requires Windows 10 1709) | Number | Snapshot | 1 | |
| ProcGpuEngineMostUsedDisplayName | The display name of the most used GPU engine (requires Windows 10 1709) | String | Snapshot | 3D |
The following field is empty unless EnableExtendedInfo is set to true: ProcGUID
The following field is empty unless EnableExtendedInfo and [ProcessDetail_SendCommandline] are configured: ProcCmdline
List of Calculated Fields
| Field | Description | Data type | Unit | Measurement type | Where available | Example |
|---|---|---|---|---|---|---|
| ProcCPUTimeS | Process CPU time | Number | s | Sum | Splunk data model | 5 |
| ProcIOCount | ProcIOReadCount + ProcIOWriteCount | String | Sum | Splunk data model | 200 | |
| ProcIOPS | ProcIOPSRead + ProcIOPSWrite | Number | Sum | Splunk data model | 400 | |
| ProcIOMB | ProcIOReadMB + ProcIOWriteMB | Number | MB | Sum | Splunk data model | 300 |
| ProcIOMBPS | ProcIOMB / ProcIOCount x ProcIOPS | Number | MB | Sum | Splunk data model | 600 |
| ProcIOLatencyMs | ProcIOLatencyReadMs + ProcIOLatencyWriteMs | Number | ms | Sum | Splunk data model | 600 |
| ProcIODurationReadMS | ProcIOLatencyMsRead x ProcIOCountRead | Number | ms | Sum | Splunk data model | 30000 |
| ProcIODurationWriteMS | ProcIOLatencyMsWrite x ProcIOCountWrite | Number | ms | Sum | Splunk data model | 30000 |
| ProcIODurationMS | ProcIODurationReadMS + ProcIODurationWriteMS | Number | ms | Sum | Splunk data model | 60000 |
| User | Content of field ProcUser | String | Snapshot | Splunk data model | Domain\JohnDoe | |
| AppName | Associated application name | String | Snapshot | Splunk data model, Splunk SPL | Google Chrome | |
| time | Content of field _time | Number | Snapshot | Splunk data model | 2018-07-31T18:34:32.451+02:00 |