Application & Process Performance Metrics
Process Detail
uberAgent collects rich metrics per process & per application. This includes the user and domain, CPU & RAM usage as well as network latency & throughput, to name just a few.
Notes:
- Processes are auto-grouped into applications, i.e., the application name is determined automatically. Information on how automatic application identification works is available here.
Details
- Source type:
uberAgent:Process:ProcessDetail - Used in dashboards: Process Performance, Application Performance, Machine Performance, Application Usage, Process GPU, Single Machine Detail, Single Application Detail, Single User Detail, Analyze data over time
- Enabled through configuration setting:
ProcessDetailTop5orProcessDetailFull - Related configuration settings:
[ProcessToApplicationMapping],[ApplicationMappingIgnoredProcesses],[ProcessDetailFull_Filter],[ProcessDetail_SendCommandline],[ProcessStartupSettings]
List of Fields in the Raw Agent Data
| Field | Description | Data type | Unit | Measurement type | Platform | Example |
|---|---|---|---|---|---|---|
| ProcName | Process name. | String | Snapshot | all | chrome.exe | |
| ProcCPUTimeMs | Process CPU usage (absolute usage in milliseconds). | Number | ms | Sum | all | 5000 |
| ProcCPUPercent | Process CPU usage (relative usage in percent). | Number | % | Average | all | 12 |
| ProcIOPSRead | Process I/O read operations per second. | Number | Average | Win | 200 | |
| ProcIOPSWrite | Process I/O write operations per second. | Number | Average | Win | 200 | |
| ProcIOReadCount | Process I/O read operation count. | Number | Count | Win | 100 | |
| ProcIOWriteCount | Process I/O write operation count. | Number | Count | Win | 100 | |
| ProcIOReadMB | Process I/O read data volume. | Number | MB | Sum | all | 150 |
| ProcIOWriteMB | Process I/O write data volume. | Number | MB | Sum | all | 150 |
| ProcIOLatencyReadMs2 | Latency of process I/O read operations. | Number | ms | Average | Win | 300 |
| ProcIOLatencyWriteMs2 | Latency of process I/O write operations. | Number | ms | Average | Win | 300 |
| ProcWorkingSetMB | Process RAM usage (working set). | Number | MB | Snapshot | all | 100 |
| ProcNetKBPS | Process network traffic data volume per second. | Number | KB | Sum | all | 500 |
| ProcUser | Process user. | String | Snapshot | all | Domain\JohnDoe | |
| ProcGpuComputePercent | Process GPU compute usage (relative usage in percent). | Number | % | Average | Win | 20 |
| ProcGpuMemMB | Process GPU memory usage. | Number | MB | Average | Win | 150 |
| AppId | Associated application ID. Used by uberAgent to lookup application names and populate field AppName. |
String | Snapshot | all | GglChrm | |
| AppVersion | Associated application version. | String | Snapshot | all | 67.0.3396.99 | |
| ProcID | Process ID generated by the OS. Process IDs are reused and cannot be used to uniquely identify a process. Use ProcGUID for that purpose instead. |
Number | Snapshot | all | 456 | |
| ProcCmdline | The process’ command line. | String | Snapshot | all | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe –url http://vastlimits.com | |
| ProcGUID | Unique identifier for a process instance that is generated by uberAgent. | String | Snapshot | all | 00000000-ebe5-469c-63ae-f5a1de28d401 | |
| ProcGpuEngineMostUsed | The ID of the most used GPU engine (requires at least Windows 10 1709). | Number | Snapshot | Win | 1 | |
| ProcGpuEngineMostUsedDisplayName | The display name of the most used GPU engine (requires at least Windows 10 1709). | String | Snapshot | Win | 3D | |
| SessionID | Session ID generated by the OS. Session IDs are reused and cannot be used to uniquely identify a session. Use SessionGUID for that purpose instead. |
Number | Snapshot | all | 1 |
Notes:
- The following fields are empty unless
EnableExtendedInfois set to true:ProcGUID. - The following field is empty unless
EnableExtendedInfoand[ProcessDetail_SendCommandline]are configured:ProcCmdline.
List of Calculated Fields
| Field | Description | Data type | Unit | Measurement type | Where available | Example |
|---|---|---|---|---|---|---|
| ProcCPUTimeS | Process CPU usage (absolute usage in seconds). | Number | s | Sum | Splunk data model | 5 |
| ProcIOCount | ProcIOReadCount + ProcIOWriteCount. |
String | Sum | Splunk data model | 200 | |
| ProcIOPS | ProcIOPSRead + ProcIOPSWrite. |
Number | Sum | Splunk data model | 400 | |
| ProcIOMB | ProcIOReadMB + ProcIOWriteMB. |
Number | MB | Sum | Splunk data model | 300 |
| ProcIOMBPS | ProcIOMB / ProcIOCount x ProcIOPS. |
Number | MB | Sum | Splunk data model | 600 |
| ProcIOLatencyMs | ProcIOLatencyReadMs + ProcIOLatencyWriteMs. |
Number | ms | Sum | Splunk data model | 600 |
| ProcIODurationReadMS | ProcIOLatencyMsRead x ProcIOCountRead. |
Number | ms | Sum | Splunk data model | 30000 |
| ProcIODurationWriteMS | ProcIOLatencyMsWrite x ProcIOCountWrite. |
Number | ms | Sum | Splunk data model | 30000 |
| ProcIODurationMS | ProcIODurationReadMS + ProcIODurationWriteMS. |
Number | ms | Sum | Splunk data model | 60000 |
| User | Alias for ProcUser. |
String | Snapshot | Splunk data model | Domain\JohnDoe | |
| AppName | Associated application name. | String | Snapshot | Splunk data model, Splunk SPL | Google Chrome | |
| time | Alias for _time. |
Number | Snapshot | Splunk data model | 2018-07-31T18:34:32.451+02:00 |
Process Statistics
uberAgent collects rich metrics per process. This includes the handle count, page faults, and priority, to name just a few.
Notes:
- Processes are auto-grouped into applications, i.e., the application name is determined automatically. Information on how automatic application identification works is available here.
Details
- Source type:
uberAgent:Process:ProcessStatistics - Used in dashboards: Process Performance, Application Performance, Single Application Detail, , Analyze data over time
- Enabled through configuration setting:
ProcessStatistics - Related configuration settings:
List of Fields in the Raw Agent Data
| Field | Description | Data type | Unit | Measurement type | Platform | Example |
|---|---|---|---|---|---|---|
| ProcName | Process name. | String | Snapshot | Win | chrome.exe | |
| ProcID | Process ID generated by the OS. Process IDs are reused and cannot be used to uniquely identify a process. Use ProcGUID for that purpose instead. |
Number | Snapshot | Win | 456 | |
| ProcGUID | Unique identifier for a process instance that is generated by uberAgent. | String | Snapshot | Win | 00000000-ebe5-469c-63ae-f5a1de28d401 | |
| ProcUser | Process user. | String | Snapshot | Win | Domain\JohnDoe | |
| AppId | Associated application ID. Used by uberAgent to lookup application names and populate field AppName. |
String | Snapshot | Win | GglChrm | |
| ProcHandleCount | Process handle count. | Number | Snapshot | Win | 810 | |
| ProcThreadCount | Process thread count. | Number | Snapshot | Win | 20 | |
| ProcPriority | Process priority. Valid values: 0, 1, 2, 3, 4, 5 or 6. The numerical priority is used by uberAgent to look up and populate the field ProcPriorityDisplayName. |
Number | Snapshot | Win | 4 | |
| ProcPrivateMB | Process allocated private memory. | Number | MB | Snapshot | Win | 512 |
| ProcVirtualSizeMB | Process allocated virtual memory. | Number | MB | Snapshot | Win | 128 |
| ProcPageFaultsPS | Process page faults per second. | Number | s | Average | Win | 10 |
| ProcPageFileMB | Process page file usage. | Number | MB | Snapshot | Win | 256 |
List of Calculated Fields
| Field | Description | Data type | Unit | Measurement type | Where available | Example |
|---|---|---|---|---|---|---|
| ProcPriorityDisplayName | Process priority display name (see also ProcPriority). Valid values: Above normal, Below normal, High, Idle, Normal, Realtime and Unknown. |
String | Snapshot | Splunk data model, Splunk SPL | Above normal |