Application and Process Performance Metrics
Process Detail
uberAgent collects metrics per application/process like user and domain, CPU usage, RAM usage as well as network latency and throughput.
Note: processes are auto-grouped into applications, i.e. the application name is determined automatically without requiring any configuration. Information on how this works is available here.
Details
- Source type:
uberAgent:Process:ProcessDetail - Used in dashboards: Process Performance, Application Performance, Machine Performance, Application Usage, Process GPU, Single Machine Detail, Single Application Detail, Single User Detail, Analyze data over time
- Enabled through configuration setting:
ProcessDetailTop5orProcessDetailFull - Related configuration settings:
[ProcessToApplicationMapping],[ApplicationMappingIgnoredProcesses],[ProcessDetailFull_Filter],[ProcessDetail_SendCommandline],[ProcessStartupSettings]
List of Fields in the Raw Agent Data
| Field | Description | Data type | Unit | Measurement type | Platform | Example |
|---|---|---|---|---|---|---|
| ProcName | Process name | String | Snapshot | all | chrome.exe | |
| ProcCPUTimeMs | Process CPU time | Number | ms | Sum | all | 5000 |
| ProcCPUPercent | Process CPU usage | Number | % | Average | all | 12 |
| ProcIOPSRead | Process I/O read operations | Number | Average | Win | 200 | |
| ProcIOPSWrite | Process I/O write operations | Number | Average | all | 200 | |
| ProcIOReadCount | Count of process I/O read operations | Number | Count | Win | 100 | |
| ProcIOWriteCount | Count of process I/O write operations | Number | Count | all | 100 | |
| ProcIOReadMB | Amount of process I/O read operations data volume | Number | MB | Sum | all | 150 |
| ProcIOWriteMB | Amount of process I/O write operations data volume | Number | MB | Sum | all | 150 |
| ProcIOLatencyReadMs2 | Process I/O read operations latency | Number | ms | Average | Win | 300 |
| ProcIOLatencyWriteMs2 | Process I/O write operations latency | Number | ms | Average | Win | 300 |
| ProcWorkingSetMB | Process consumed RAM | Number | MB | Snapshot | all | 100 |
| ProcNetKBPS | Process generated network traffic | Number | KB | Sum | Win | 500 |
| ProcUser | Process user | String | Snapshot | all | Domain\JohnDoe | |
| ProcGpuComputePercent | Process GPU compute usage | Number | % | Average | Win | 20 |
| ProcGpuMemMB | Process GPU memory usage | Number | MB | Average | Win | 150 |
| AppId | Associated application ID. Used by uberAgent to lookup application names and populate field AppName. |
String | Snapshot | all | GglChrm | |
| AppVersion | Application version | String | Snapshot | all | 67.0.3396.99 | |
| ProcID | Process ID | Number | Snapshot | all | 456 | |
| ProcCmdline | Full commandline the process was launched with | String | Snapshot | all | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe –url http://vastlimits.com | |
| ProcGUID | Unique identifier that is generated by uberAgent when the process is started | String | Snapshot | all | 00000000-ebe5-469c-63ae-f5a1de28d401 | |
| ProcGpuEngineMostUsed | The number of the most used GPU engine (requires Windows 10 1709) | Number | Snapshot | Win | 1 | |
| ProcGpuEngineMostUsedDisplayName | The display name of the most used GPU engine (requires Windows 10 1709) | String | Snapshot | Win | 3D | |
| SessionID | Session ID | Number | Snapshot | all | 1 |
The following field is empty unless EnableExtendedInfo is set to true: ProcGUID
The following field is empty unless EnableExtendedInfo and [ProcessDetail_SendCommandline] are configured: ProcCmdline
List of Calculated Fields
| Field | Description | Data type | Unit | Measurement type | Where available | Example |
|---|---|---|---|---|---|---|
| ProcCPUTimeS | Process CPU time | Number | s | Sum | Splunk data model | 5 |
| ProcIOCount | ProcIOReadCount + ProcIOWriteCount |
String | Sum | Splunk data model | 200 | |
| ProcIOPS | ProcIOPSRead + ProcIOPSWrite |
Number | Sum | Splunk data model | 400 | |
| ProcIOMB | ProcIOReadMB + ProcIOWriteMB |
Number | MB | Sum | Splunk data model | 300 |
| ProcIOMBPS | ProcIOMB / ProcIOCount x ProcIOPS |
Number | MB | Sum | Splunk data model | 600 |
| ProcIOLatencyMs | ProcIOLatencyReadMs + ProcIOLatencyWriteMs |
Number | ms | Sum | Splunk data model | 600 |
| ProcIODurationReadMS | ProcIOLatencyMsRead x ProcIOCountRead |
Number | ms | Sum | Splunk data model | 30000 |
| ProcIODurationWriteMS | ProcIOLatencyMsWrite x ProcIOCountWrite |
Number | ms | Sum | Splunk data model | 30000 |
| ProcIODurationMS | ProcIODurationReadMS + ProcIODurationWriteMS |
Number | ms | Sum | Splunk data model | 60000 |
| User | Content of field ProcUser |
String | Snapshot | Splunk data model | Domain\JohnDoe | |
| AppName | Associated application name | String | Snapshot | Splunk data model, Splunk SPL | Google Chrome | |
| time | Content of field _time |
Number | Snapshot | Splunk data model | 2018-07-31T18:34:32.451+02:00 |