uberAgent

Documentation

Contents
Contents
Previous document: Machine Performance And Utilization Metrics Next document: Machine Inventory Metrics
Contents
Contents
  1. uberAgent
  2. 6.1.1
  3. Metrics
  4. Machine Metrics
  5. Machine Blue Screens and Hangs Metrics

Machine Blue Screens and Hangs Metrics

In this article

Blue Screens and Hangs

uberAgent collects information on every blue screen and hang, like the type of error (blue screen, hard power off or hang) and the stop error code.

Details

  • Source type: uberAgent:System:Bugcheck
  • Used in dashboards: Stop Errors (Blue Screen & Power Loss)
  • Enabled through configuration setting: ApplicationErrors
  • Related configuration settings: n/a
  • Supported platform: Windows

List of Fields in the Raw Agent Data

Field Description Data type Unit Example
BugcheckCode Stop error code ID. Possible values: too many to list here. Please check the lookup file bugcheck_codes.csv or Microsoft’s bug check code reference. Number 0x1
BugcheckParameter1 Stop error parameter 1. The meaning of this value depends on the bugcheck code and can be looked up in Microsoft’s bug check code reference String 0x7ffd8e8c7864
BugcheckParameter2 Stop error parameter 2. The meaning of this value depends on the bugcheck code and can be looked up in Microsoft’s bug check code reference String 0x1
BugcheckParameter3 Stop error parameter 3. The meaning of this value depends on the bugcheck code and can be looked up in Microsoft’s bug check code reference String 0x0
BugcheckParameter4 Stop error parameter 4. The meaning of this value depends on the bugcheck code and can be looked up in Microsoft’s bug check code reference String 0xffffe181ead22b80
SleepInProgress Indicates if the machine was in sleep mode when stop error occured. Possible values: 0, 1 Number 0
PowerButtonTimestamp Indicates if the power button on the computer was pushed and held for at least four seconds. Possible values: 0 or Windows FILETIME timestamp of when the power button was pressed. Number 131768171003182508
PowerButtonTimestampEpoch Indicates if the power button on the computer was pushed and held for at least four seconds. Possible values: 0 or Unix epoch timestamp of when the power button was pressed. Number 1532343500318
BootAppStatus n/a String 0
Checkpoint n/a Number 0
ConnectedStandbyInProgress Indicates if the machine was in connected standby mode when stop error occured. Possible values: 0, 1 String 0
SystemSleepTransitionsToOn Indicates if the machine was in the transition from sleep to on mode when stop error occured. Possible values: 0, 1 Number 0
CsEntryScenarioInstanceId n/a Number 0

List of Calculated Fields

Field Description Data type Unit Example Where available
BugcheckCodeDisplayName Stop error code name. Possible values: too many to list here. Please check the lookup file bugcheck_codes.csv or Microsoft’s bug check code reference. String Hard power off Splunk data model

Interpreting the Data

The data collected by uberAgent helps to identify three different types of blue screens and hangs:

“Normal” Bugcheck

Conditions:

  • BugcheckCode > 0

Explanation: the bugcheck code can be determined and written to disk before the computer shuts down or restarts.

Hard Power Off

Conditions:

  • PowerButtonTimestamp > 0

Explanation: the machine was turned off by pressing and holding the power button for at least 4 seconds.

Random Restart

Conditions:

  • BugcheckCode = 0
  • PowerButtonTimestamp = 0

Explanation: power loss or hard hang.

Previous document: Machine Performance And Utilization Metrics Next document: Machine Inventory Metrics

Leave a Reply

Your email address will not be published. Required fields are marked *

Miscellaneous

Imprint
Privacy Policy