Documentation

Contents
Contents
Contents
Contents
!
This documentation applies to a beta version of uberAgent (docs for the latest official release)

User Logoff Metrics

Logoff Detail

uberAgent collects various details about logoffs like profile unload time, Group Policy logoff script time as well as process performance.

Details

  • Source type: uberAgent:Logoff:LogoffDetail
  • Used in dashboards: User Logoff Duration, Single Logoff
  • Enabled through configuration setting: LogonDetail
  • Related configuration settings: n/a
  • Supported platform: Windows

List of Fields in the Raw Agent Data

Field Description Data type Unit Measurement type Example
SessionGUID Unique identifier that is generated by uberAgent when the session is created.
Valid for this session only.
String Snapshot 00000002-f295-9109-e7c7-c964011dd401
SessionID Unique identifier that is generated by the machine when the session is created.
Will be reassigned to other sessions after logoff.
Number Snapshot 3
User User name String Snapshot Domain\JohnDoe
SessionLogoffTime Time when the user logged of String Snapshot 2018-07-23 10:06:02
SessionEndTime Time when the session ended String Snapshot 2018-07-23 10:08:02
SessionDurationMs Session duration Number ms Sum 25000
ProfileUnloadTimeMs2 User profile unloading time Number ms Sum 300
GroupPolicyLogoffScriptTimeMs Group Policy logoff script processing time Number ms Sum 358
TotalLogoffTimeMs Logoff duration combined for all phases Number ms Sum 40000
ProcessStartCount Number of processes started Number Count 8
IOCountRead Count of read I/O operations Number Count 100
IOCountWrite Count of write I/O operations Number Count 100
IOMBRead Amount of read data volume Number MB Sum 50
IOMBWrite Amount of write data volume Number MB Sum 50
IOLatencyReadMs I/O read operation duration divided by count of read I/O operations Number ms Average 358
IOLatencyWriteMs I/O write operation duration divided by count of write I/O operations Number ms Average 358

Logoff processes

Detailed performance data about all processes active during user logoff like process start time and lifetime duration, commandline, executable path and CPU footprint.

Details

  • Source type: uberAgent:Process:LogoffProcesses
  • Used in dashboards: Single Logoff
  • Enabled through configuration setting: LogonProcesses
  • Related configuration settings: n/a

List of Fields in the Raw Agent Data

Field Description Data type Unit Measurement type Example
ProcName Process name String Snapshot chrome.exe
ProcID Process ID Number Snapshot 456
ProcParentName Parent process name String Snapshot PowerShell.exe
ProcParentID Parent process ID Number Snapshot 789
ProcUser User who ran the process String Snapshot Domain\JohnDoe
AppId Associated application ID. Used by uberAgent to lookup application names and populate field AppName. String Snapshot GglChrm
AppVersion Associated application version String Snapshot 67.0.3396.99
LogoffProcType uberAgent groups processes running during logon into types. Possible values: Other, GP logoff script, Session teardown String Snapshot Other
ProcStartTimeRelativeMs Process relative start time Number ms Snapshot 16764
ProcLifetimeMs Process lifetime Number ms Sum 73615
ProcCmdline Process command line String Snapshot C:\Program Files (x86)\Google\Chrome\Application\chrome.exe –url http://vastlimits.com
ProcPath Process path String Snapshot C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
ProcIOReadCount Process I/O operation read count Number Count 2000
ProcIOWriteCount Process I/O operation write count Number Count 990
ProcIOReadMB Process I/O operation read data volume Number MB Sum 100.05
ProcIOWriteMB Process I/O operation write data volume Number MB Sum 16.06
ProcIOLatencyReadMs2 Process I/O operation read latency Number ms Average 300
ProcIOLatencyWriteMs2 Process I/O operation write latency Number ms Average 300
ProcNetKBPS Process generated network traffic Number KB Sum 19.18
SessionGUID Unique identifier that is generated by uberAgent when the session is created.
Valid for this session only.
String Snapshot 00000002-f295-9109-e7c7-c964011dd401
SessionID Unique identifier that is generated by the machine when the session is created.
Will be reassigned to other sessions after logoff.
Number Snapshot 3
TotalLogoffDurationMs Total logoff duration Number ms Sum 40000
SortOrder Sort order number to sort the table Logoff process performance on the Single Logoff dashboard correctly. Number Snapshot 29

List of Calculated Fields

Field Description Data type Unit Measurement type Where available Example
AppName Associated application name String Snapshot Splunk data model, Splunk SPL Google Chrome

Leave a Reply

Your email address will not be published. Required fields are marked *