Documentation

Contents
Contents
Contents
Contents
!
This documentation applies to a beta version of uberAgent (docs for the latest official release)

User Logon Metrics

Logon Detail

uberAgent collects various details about logons like profile load time, Group Policy processing time as well as process performance.

Details

  • Source type: uberAgent:Logon:LogonDetail
  • Used in dashboards: Session Info: Citrix, Session Info: VMware, User Logon Duration, User Logon Duration – Group Policy, User Session Overview, User Sessions, Single Machine Detail, Single Logon, Single User Detail
  • Enabled through configuration setting: LogonDetail
  • Related configuration settings: n/a
  • Supported platform: Windows

List of Fields in the Raw Agent Data

Field Description Data type Unit Measurement type Example
SessionGUID Unique identifier that is generated by uberAgent when the session is created.
Valid for this session only.
String Snapshot 00000002-f295-9109-e7c7-c964011dd401
SessionID Unique identifier that is generated by the machine when the session is created.
Will be reassigned to other sessions after logoff.
Number Snapshot 3
User User name String Snapshot Domain\JohnDoe
SessionLogonTime Time when the user logon started String Snapshot 2018-07-23 08:50:14
PreLogonInitTimeMs Time from session creation until user logon (more information) Number ms Sum 358
SiteName Active Directory site name String Snapshot Default-First-Site-Name
LogonServer Authenticating Active Directory domain controller String Snapshot DC1
ProfileLoadTimeMs User profile loading time – Microsoft user profile service Number ms Sum 40000
CitrixPMLoadTimeMs User profile loading time – Citrix Profile Management Number ms Sum 40000
GroupPolicyTotalProcessingTimeMs Total Group Policy processing time Number ms Sum 250
DcDiscoveryTimeMs Domain controller discovery time Number ms Sum 10
LoopbackMode Group Policy loopback mode. Possible values: replace, merge, no loopback String Snapshot replace
ADLogonScriptTimeMs Active Directory logon script processing time Number ms Sum 358
GroupPolicyLogonScriptTimeMs Group Policy logon script processing time Number ms Sum 358
ResWmProcessingTimeMs RES ONE Workspace shell startup time Number ms Sum 358
ShellStartupTimeMs Shell startup time. Typically Windows Explorer. Number ms Sum 358
TotalLogonTimeMs Total logon duration is defined as the time from the actual logon until the shell is fully initialized. Number ms Sum 40000
ProcessStartCount Number of processes started Number Count 8
IOCountRead Count of read I/O operations Number Count 100
IOCountWrite Count of write I/O operations Number Count 100
IOMBRead Amount of read I/O operation data volume Number MB Sum 50
IOMBWrite Amount of write I/O operation data volume Number MB Sum 50
IOLatencyReadMs I/O read operation duration divided by count of read I/O operations Number ms Average 358

Group Policy CSE Detail

uberAgent collects detailed information about Client-Side-Extensions (CSEs) like name, duration and return code.

Details

  • Source type: uberAgent:Logon:GroupPolicyCSEDetail2
  • Used in dashboards: Session Info: Citrix, Session Info: VMware, User Logon Duration, User Logon Duration – Group Policy, User Session Overview, User Sessions, Single Machine Detail, Single Logon, Single User Detail
  • Enabled through configuration setting: LogonDetail
  • Related configuration settings: n/a

List of Fields in the Raw Agent Data

Field Description Data type Unit Measurement type Example
SessionGUID Unique identifier that is generated by uberAgent when the session is created.
Valid for this session only.
String Snapshot 00000002-f295-9109-e7c7-c964011dd401
SessionID Unique identifier that is generated by the machine when the session is created.
Will be reassigned to other sessions after logoff.
Number Snapshot 3
User User name String Snapshot Domain\JohnDoe
CseName Client-side extension name String Snapshot Citrix Group Policy
CseDurationS Client-side extension processing time Number s Sum 5.40
CseGPONames Group Policy where client-side extension is configured String Snapshot Default Domain Policy
CseReturnCode Client-side extension processing return code. Everything except 0 is bad. Number Snapshot 0

Logon Processes

Detailed performance data about all processes active during user logon like process start time and lifetime duration, commandline, executable path and CPU footprint.

Details

  • Source type: uberAgent:Process:LogonProcesses
  • Used in dashboards: Single Logon
  • Related configuration settings: n/a

List of Fields in the Raw Agent Data

Field Description Data type Unit Measurement type Example
ProcName Process name String Snapshot chrome.exe
ProcID Process ID Number Snapshot 456
ProcParentName Parent process name String Snapshot PowerShell.exe
ProcParentID Parent process ID Number Snapshot 789
ProcUser User who ran the process String Snapshot Domain\JohnDoe
AppId Associated application ID. Used by uberAgent to lookup application names and populate field AppName. String Snapshot GglChrm
AppVersion Associated application version String Snapshot 67.0.3396.99
LogonProcType uberAgent groups processes running during logon into types. Possible values: Other, Userinit, AppSetup, Active Setup, AD logon script, GP logon script, Shell,RES Workspace Manager shell,RES Workspace Manager shell child,GP software installation, Run once, Initial program, User profile, Group Policy, Session setup, First logon animation String Snapshot GP logon script
ProcStartTimeRelativeMs Process relative start time Number ms Snapshot 16764
ProcLifetimeMs Process lifetime Number ms Sum 73615
ProcCmdline Process command line String Snapshot C:\Program Files (x86)\Google\Chrome\Application\chrome.exe –url http://vastlimits.com
ProcPath Process path String Snapshot C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
ProcCPUTimeMs Process consumed CPU time Number ms Sum 11859
ProcIOReadCount Process I/O operation read count Number Count 2000
ProcIOWriteCount Process I/O operation write count Number Count 990
ProcIOReadMB Process I/O operation read data volume Number MB Sum 100.05
ProcIOWriteMB Process I/O operation write data volume Number MB Sum 16.06
ProcIOLatencyReadMs2 Process I/O operation read latency Number ms Average 300
ProcIOLatencyWriteMs2 Process I/O operation write latency Number ms Average 300
ProcWorkingSetMB Process consumed RAM Number MB Snapshot 500.06
ProcNetKBPS Process generated network traffic Number KB Sum 19.18
SessionGUID Unique identifier that is generated by uberAgent when the session is created.
Valid for this session only.
String Snapshot 00000002-f295-9109-e7c7-c964011dd401
SessionID Unique identifier that is generated by the machine when the session is created.
Will be reassigned to other sessions after logoff.
Number Snapshot 3
TotalLogonDurationMs Total logon duration Number ms Sum 40000
SortOrder Sort order number to sort the table Logon process performance on the Single Logon dashboard correctly. Number Snapshot 29

List of Calculated Fields

Field Description Data type Unit Measurement type Where available Example
AppName Associated application name String Snapshot Splunk data model, Splunk SPL Google Chrome

Leave a Reply

Your email address will not be published. Required fields are marked *