Documentation

Contents
Contents
Contents
Contents

Changelog and Release Notes

Version 6.1.1

Improvements

  • Data volume [B586]: 5-15% reduction in UXM data volume by switching application usage calculations from the ApplicationUsage sourcetype to ProcessDetail.
  • Drivers (Windows) [B462]: restrict access to uberAgent’s drivers from user mode applications.
  • Service (Windows) [I418]: kernel driver load events are now available in ESA activity monitoring rules (uAQL queries), too.

Bugfixes

  • Dashboards [I420]: fixed column visualization in the Single Logon dashboard.
  • Dashboards [I426]: fixed wrong calculations in the Process DNS dashboard.
  • Service (Windows) [I424]: process and session GUIDs were not as expected on 32-bit versions of the agent.
  • Service (Windows) [I427]: Citrix Cloud data for machines, catalogs, and hypervisors could be incomplete due to missing support for pagination.

Release notes

  • Configuration: the metric ApplicationUsage was marked as deprecated and removed from the default configuration.
  • Sourcetype: uberAgent:Process:ProcessDetail has new field(s): SessionID.

Known issues

  • Dashboards [I431]: historic user tags are not available in the dashboards. To receive an updated savedsearches.conf file, please write a mail to [email protected]
  • Boot duration: the metrics TotalBootTimeMs, MainPathBootTimeMs and PostBootTimeMs cannot be determined for every system boot.
  • Browsers/IE add-on: metrics are not collected on page reload.
  • Browsers/IE add-on: metrics are collected incompletely for the configured start page.
  • Browser web app performance: websites may modify the JavaScript performance variable. When that happens, uberAgent cannot determine the page load duration.
  • Citrix ADC: in very rare cases the content of the Virtual Server Performance field vServerName contains spaces in wrong places.
  • Citrix site monitoring: data collection issue if the Citrix Remote Powershell SDK (required for Citrix Cloud monitoring) is installed on a CVAD controller.
  • Citrix XA/XD Machines: when running the Citrix VDA on a Citrix Delivery Controller, some per-machine information is missing.
  • Experience score [I377]: scheduled searches generate three warnings in Splunk’s _internal index every 30 minutes. The messages look like the following: DateParserVerbose - Failed to parse timestamp in first MAX_TIMESTAMP_LOOKAHEAD (128) characters of event.. However, there is no impact on uberAgent’s functionality.
  • GPU [I33]: values for the fields ComputeUsagePercentAllEngines, ComputeUsagePercentEngine0 and similar can be higher than 100 with Intel Iris GPUs on Windows Server 2016 1607.
  • IE browser performance monitoring does not work if IE is published from Citrix Virtual Apps. It does work from Citrix Virtual Desktops, however.
  • Kafka [I291]: in rare cases sending data to Kafka results in a SEC_E_BUFFER_TOO_SMALL error message in the logfile. This should have no affect; the transmission is repeated and succeeds on the second try.
  • Performance [I372]: on macOS, running uberAgent has a noticeable impact on I/O performance of small writes. As a workaround, the new config flag DisableESFileSystemMonitoring has been added. If set, performance will not be impacted, but ProcIOWriteCount and ProcIOPSWrite will not be available in uberAgent:Process:ProcessDetail.
  • Update inventory: not all installed Windows updates may be reported due to API limitations.
  • Volume inventory: on macOS, the encryption status of mounted read-only APFS snapshots may not be reported due to API limitations. This includes the root directory volume in a default installation of macOS.

Leave a Reply

Your email address will not be published. Required fields are marked *