Application and Process Performance Metrics
Process Detail
uberAgent collects metric per application/process like user and domain, CPU usage, RAM usage as well as network latency and throughput.
Note: processes are auto-grouped into applications, i.e. the application name is determined automatically without requiring any configuration. Information on how this works are available here.
Details
- Source type: uberAgent:Process:ProcessDetail
- Used in dashboards: Process Performance, Application Performance, Machine Performance, Application Usage, Process GPU, Single Machine Detail, Single Application Detail, Single User Detail, Analyze data over time
- Enabled through configuration setting: ProcessDetailTop5 or ProcessDetailFull
- Related configuration settings: [ProcessToApplicationMapping], [ApplicationMappingIgnoredProcesses], [ProcessDetailFull_Filter], [ProcessDetail_SendCommandline], [ProcessStartupSettings]
List of Fields in the Raw Agent Data
| Field | Description | Data type | Unit | Example |
|---|---|---|---|---|
| ProcName | Process name | String | chrome.exe | |
| ProcCPUTimeMs | Process CPU time | Number | ms | 5000 |
| ProcCPUPercent | Process CPU usage | Number | % | 12 |
| ProcIOPSRead | Process I/O read operations | Number | 200 | |
| ProcIOPSWrite | Process I/O write operations | Number | 200 | |
| ProcIOReadCount | Count of process I/O read operations | Number | 100 | |
| ProcIOWriteCount | Count of process I/O write operations | Number | 100 | |
| ProcIOReadMB | Amount of process I/O read operations data volume | Number | MB | 150 |
| ProcIOWriteMB | Amount of process I/O write operations data volume | Number | MB | 150 |
| ProcIOLatencyReadMs | Process I/O write operations latency | Number | ms | 300 |
| ProcIOLatencyWriteMs | Process I/O read operations latency | Number | ms | 300 |
| ProcWorkingSetMB | Process consumed RAM | Number | MB | 100 |
| ProcNetKBPS | Process generated network traffic | Number | KB | 500 |
| ProcUser | Process user | String | Domain\JohnDoe | |
| ProcGpuComputePercent | Process GPU compute usage | Number | % | 20 |
| ProcGpuMemMB | Process GPU memory usage | Number | MB | 150 |
| AppId | Associated application ID. Used by uberAgent to lookup application names and populate field AppName. | String | GglChrm | |
| AppVersion | Application version | String | 67.0.3396.99 | |
| ProcID | Process ID | Number | 456 | |
| ProcCmdline | Full commandline the process was launched with | String | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe –url http://vastlimits.com | |
| ProcGUID | Unique identifier that is generated by uberAgent when the process is started | String | 00000000-ebe5-469c-63ae-f5a1de28d401 | |
| ProcGpuEngineMostUsed | The number of the most used GPU engine (requires Windows 10 1709) | Number | 1 | |
| ProcGpuEngineMostUsedDisplayName | The display name of the most used GPU engine (requires Windows 10 1709) | String | 3D |
The following field is empty unless EnableExtendedInfo is set to true: ProcGUID
The following field is empty unless EnableExtendedInfo and [ProcessDetail_SendCommandline] are configured: ProcCmdline
List of Calculated Fields
| Field | Description | Data type | Unit | Example | Where available |
|---|---|---|---|---|---|
| ProcCPUTimeS | Process CPU time | Number | s | 5 | Splunk data model |
| ProcIOCount | ProcIOReadCount + ProcIOWriteCount | String | 200 | Splunk data model | |
| ProcIOPS | ProcIOPSRead + ProcIOPSWrite | Number | 400 | Splunk data model | |
| ProcIOMB | ProcIOReadMB + ProcIOWriteMB | Number | MB | 300 | Splunk data model |
| ProcIOMBPS | ProcIOMB / ProcIOCount x ProcIOPS | Number | MB | 600 | Splunk data model |
| ProcIOLatencyMs | ProcIOLatencyReadMs + ProcIOLatencyWriteMs | Number | ms | 600 | Splunk data model |
| ProcIODurationReadMS | ProcIOLatencyMsRead x ProcIOCountRead | Number | ms | 30000 | Splunk data model |
| ProcIODurationWriteMS | ProcIOLatencyMsWrite x ProcIOCountWrite | Number | ms | 30000 | Splunk data model |
| ProcIODurationMS | ProcIODurationReadMS + ProcIODurationWriteMS | Number | ms | 60000 | Splunk data model |
| User | Content of field ProcUser | String | Domain\JohnDoe | Splunk data model | |
| AppName | Associated application name | String | Google Chrome | Splunk data model, Splunk SPL | |
| time | Content of field _time | Number | 2018-07-31T18:34:32.451+02:00 | Splunk data model |
