uberAgent consists of two main components: the actual agent runs on the endpoints you want to be monitored, sending the data it collects to the configured Splunk backend either directly or via Splunk’s Universal Forwarder. The second main component, implemented as a set of Splunk apps, provides the dashboards visualizations, searches, and reports.
uberAgent’s data collecting component is a lightweight agent that runs independently of any runtimes or frameworks. The agent’s footprint is so small that it is truly unobtrusive on the monitored endpoints.
uberAgent does not rely on Windows performance counters but comes with its own metrics. Instead of raw data, it gives you information that matters. A list of metrics can be found here.
The agent is highly configurable: metrics can be turned on or off, the data collection frequency can be chosen freely (per metric) and information from irrelevant sources can be filtered out. This ensures that only data you really need is sent to the Splunk backend for indexing.
The Splunk Apps
Two Splunk apps help process and visualize the data collected by the agent. One lives on Splunk indexers and mainly creates uberAgent’s index and data input. The other is a dashboard app that implements the user interface, providing approximately 50 different views into the collected data.
Most dashboards are searchable and have extensive filtering capabilities to give you a fast and powerful way of isolating specific data. Time range pickers make it easy to go back to the exact time a problem occurred.
uberAgent makes full use of Splunk’s advanced UI components to display a beautiful user interface that fluidly adapts to screen width and device type. As a result, it works equally well on a tablet as on a PC or Mac.