Documentation

Contents
Contents

User Logon Metrics

Active Directory Logon Script Processing

uberAgent collects the duration Active Directory logon scripts.

Details

  • Source type: uberAgent:Logon:ADLogonScriptTimeMs
  • Used in dashboards: Session Info: Citrix, Session Info: VMware, User Logon Duration, User Logon Duration – Group Policy, User Session Overview, User Sessions, Single Machine Detail, Single Logon, Single User Detail
  • Enabled through configuration setting: LogonDetail
  • Related configuration settings: n/a

List of Fields in the Raw Agent Data

Field Description Data type Unit Example
SessionGUID Unique identifier that is generated by uberAgent when the session is created.
Valid for this session only.
String 00000002-f295-9109-e7c7-c964011dd401
SessionID Unique identifier that is generated by the machine when the session is created.
Will be reassigned to other sessions after logoff.
Number 3
User User name String Domain\JohnDoe
ADLogonScriptTimeMs Active Directory logon script processing time Number ms 358

Group Policy Processing

Besides the total Group Policy processing time, uberAgent collects DC discovery time and loopback mode.

Details

  • Source type: uberAgent:Logon:GroupPolicyProcessingTimes
  • Used in dashboards: Session Info: Citrix, Session Info: VMware, User Logon Duration, User Logon Duration – Group Policy, User Session Overview, User Sessions, Single Machine Detail, Single Logon, Single User Detail
  • Enabled through configuration setting: LogonDetail
  • Related configuration settings: n/a

List of Fields in the Raw Agent Data

Field Description Data type Unit Example
SessionGUID Unique identifier that is generated by uberAgent when the session is created.
Valid for this session only.
String 00000002-f295-9109-e7c7-c964011dd401
SessionID Unique identifier that is generated by the machine when the session is created.
Will be reassigned to other sessions after logoff.
Number 3
User User name String Domain\JohnDoe
GroupPolicyTotalProcessingTimeMs Total Group Policy processing time Number ms 250
DcDiscoveryTimeMs Domain controller discovery time Number ms 10
LoopbackMode Group Policy loopback mode. Possible values: replace, merge, no loopback String replace

Group Policy CSE Detail

uberAgent collects detailed information about Client-Side-Extensions (CSEs) like name, duration and return code.

Details

  • Source type: uberAgent:Logon:GroupPolicyCSEDetail
  • Used in dashboards: Session Info: Citrix, Session Info: VMware, User Logon Duration, User Logon Duration – Group Policy, User Session Overview, User Sessions, Single Machine Detail, Single Logon, Single User Detail
  • Enabled through configuration setting: LogonDetail
  • Related configuration settings: n/a

List of Fields in the Raw Agent Data

Field Description Data type Unit Example
SessionGUID Unique identifier that is generated by uberAgent when the session is created.
Valid for this session only.
String 00000002-f295-9109-e7c7-c964011dd401
SessionID Unique identifier that is generated by the machine when the session is created.
Will be reassigned to other sessions after logoff.
Number 3
User User name String Domain\JohnDoe
CseName Client-side extension name String Citrix Group Policy
CseDurationS Client-side extension processing time Number s 5.40
CseGPONames Group Policy where client-side extension is configured String Default Domain Policy
CseReturnCode Client-side extension processing return code. Everything except 0 is bad. Number 0

Group Policy Logon Script

uberAgent collects the duration Group Policy logon scripts.

Details

  • Source type: uberAgent:Logon:GroupPolicyLogonScriptTimeMs
  • Used in dashboards: Session Info: Citrix, Session Info: VMware, User Logon Duration, User Logon Duration – Group Policy, User Session Overview, User Sessions, Single Machine Detail, Single Logon, Single User Detail
  • Enabled through configuration setting: LogonDetail
  • Related configuration settings: n/a

List of Fields in the Raw Agent Data

Field Description Data type Unit Example
SessionGUID Unique identifier that is generated by uberAgent when the session is created.
Valid for this session only.
String 00000002-f295-9109-e7c7-c964011dd401
SessionID Unique identifier that is generated by the machine when the session is created.
Will be reassigned to other sessions after logoff.
Number 3
User User name String Domain\JohnDoe
GroupPolicyLogonScriptTimeMs Group Policy logon script processing time Number ms 358

Logon Performance

uberAgent collects logon performance information like disk footprint and process start count.

Details

  • Source type: uberAgent:Logon:LogonPerformance
  • Used in dashboards: Session Info: Citrix, Session Info: VMware, User Logon Duration, User Logon Duration – Group Policy, User Session Overview, User Sessions, Single Machine Detail, Single Logon, Single User Detail
  • Enabled through configuration setting: LogonDetail
  • Related configuration settings: n/a

List of Fields in the Raw Agent Data

Field Description Data type Unit Example
ProcessStartCount Number of processes started Number 8
IOCountRead Count of read I/O operations Number 100
IOCountWrite Count of write I/O operations Number 100
IOMBRead Amount of read I/O operation data volume Number MB 50
IOMBWrite Amount of write I/O operation data volume Number MB 50
IOLatencyReadMs I/O read operation duration divided by count of read I/O operations Number ms 358
IOLatencyWriteMs I/O write operation duration divided by count of write I/O operations Number ms 358

Logon Processes

Detailed performance data about all processes active during user logon like process start time and lifetime duration, commandline, executable path and CPU footprint.

Details

  • Source type: uberAgent:Process:LogonProcesses
  • Used in dashboards: Single Logon
  • Related configuration settings: n/a

List of Fields in the Raw Agent Data

Field Description Data type Unit Example
ProcName Process name String chrome.exe
ProcID Process ID Number 456
ProcParentName Parent process name String PowerShell.exe
ProcParentID Parent process ID Number 789
ProcUser User who ran the process String Domain\JohnDoe
AppId Associated application ID. Used by uberAgent to lookup application names and populate field AppName. String GglChrm
AppVersion Associated application version String 67.0.3396.99
LogonProcType uberAgent groups processes running during logon into types. Possible values: Other, Userinit, AppSetup, Active Setup, AD logon script, GP logon script, Shell,RES Workspace Manager shell,RES Workspace Manager shell child,GP software installation, Run once, Initial program, User profile, Group Policy, Session setup, First logon animation String GP logon script
ProcStartTimeRelativeMs Process relative start time Number ms 16764
ProcLifetimeMs Process lifetime Number ms 73615
ProcCmdline Process command line String C:\Program Files (x86)\Google\Chrome\Application\chrome.exe –url http://vastlimits.com
ProcPath Process path String C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
ProcCPUTimeMs Process consumed CPU time Number ms 11859
ProcIOReadCount Process I/O operation read count Number 2000
ProcIOWriteCount Process I/O operation write count Number 990
ProcIOReadMB Process I/O operation read data volume Number MB 100.05
ProcIOWriteMB Process I/O operation write data volume Number MB 16.06
ProcIOLatencyReadMs Process I/O operation read latency String ms 300
ProcIOLatencyWriteMs Process I/O operation write latency String ms 300
ProcWorkingSetMB Process consumed RAM Number MB 500.06
ProcNetKBPS Process generated network traffic Number KB 19.18
SessionGUID Unique identifier that is generated by uberAgent when the session is created.
Valid for this session only.
String 00000002-f295-9109-e7c7-c964011dd401
SessionID Unique identifier that is generated by the machine when the session is created.
Will be reassigned to other sessions after logoff.
Number 3
TotalLogonDurationMs Total logon duration Number ms 40000
SortOrder Sort order number to sort the table Logon process performance on the Single Logon dashboard correctly. Number 29

List of Calculated Fields

Field Description Data type Unit Example Where available
AppName Associated application name String Google Chrome Splunk data model, Splunk SPL

Profile Load Time

uberAgent collects the duration of user profile loading (Microsoft user profile service and Citrix Profile Management).

Details

  • Source type: uberAgent:Logon:ProfileLoadTimeMs
  • Used in dashboards: Session Info: Citrix, Session Info: VMware, User Logon Duration, User Logon Duration – Group Policy, User Session Overview, User Sessions, Single Machine Detail, Single Logon, Single User Detail
  • Enabled through configuration setting: LogonDetail
  • Related configuration settings: n/a

List of Fields in the Raw Agent Data

Field Description Data type Unit Example
SessionGUID Unique identifier that is generated by uberAgent when the session is created.
Valid for this session only.
String 00000002-f295-9109-e7c7-c964011dd401
SessionID Unique identifier that is generated by the machine when the session is created.
Will be reassigned to other sessions after logoff.
Number 3
User User name String Domain\JohnDoe
CitrixPMLoadTimeMs User profile loading time – Citrix Profile Management Number ms 40000
ProfileLoadTimeMs User profile loading time – Microsoft user profile service Number ms 40000

RES Workspace Shell Startup

uberAgent collects information about RES ONE Workspace shell startup time.

Details

  • Source type: uberAgent:Logon:ResWmProcessingTimeMs
  • Used in dashboards: Session Info: Citrix, Session Info: VMware, User Logon Duration, User Logon Duration – Group Policy, User Session Overview, User Sessions, Single Machine Detail, Single Logon, Single User Detail
  • Enabled through configuration setting: LogonDetail
  • Related configuration settings: n/a

List of Fields in the Raw Agent Data

Field Description Data type Unit Example
SessionGUID Unique identifier that is generated by uberAgent when the session is created.
Valid for this session only.
String 00000002-f295-9109-e7c7-c964011dd401
SessionID Unique identifier that is generated by the machine when the session is created.
Will be reassigned to other sessions after logoff.
Number 3
User User name String Domain\JohnDoe
ResWmProcessingTimeMs RES ONE Workspace shell startup time Number ms 358

Session Logon

uberAgent collects information about session logon like session logon time and AD logon server.

Details

  • Source type: uberAgent:Logon:SessionLogonTime
  • Used in dashboards: Session Info: Citrix, Session Info: VMware, User Logon Duration, User Logon Duration – Group Policy, User Session Overview, User Sessions, Single Machine Detail, Single Logon, Single User Detail
  • Enabled through configuration setting: LogonDetail
  • Related configuration settings: n/a

List of Fields in the Raw Agent Data

Field Description Data type Unit Example
SessionGUID Unique identifier that is generated by uberAgent when the session is created.
Valid for this session only.
String 00000002-f295-9109-e7c7-c964011dd401
SessionID Unique identifier that is generated by the machine when the session is created.
Will be reassigned to other sessions after logoff.
Number 3
User User name String Domain\JohnDoe
SessionLogonTime Time when the user logon started String 2018-07-23 08:50:14
PreLogonInitTimeMs Time from session creation until user logon. More information. Number ms 358
SiteName Active Directory site name String Default-First-Site-Name
LogonServer Authenticating Active Directory domain controller String DC1

Session End

uberAgent collects the session end time.

Details

  • Source type: uberAgent:Logon:SessionEnd
  • Used in dashboards: Session Info: Citrix, Session Info: VMware, User Logon Duration, User Logon Duration – Group Policy, User Session Overview, User Sessions, Single Machine Detail, Single Logon, Single User Detail
  • Enabled through configuration setting: LogonDetail
  • Related configuration settings: n/a

List of Fields in the Raw Agent Data

Field Description Data type Unit Example
SessionGUID Unique identifier that is generated by uberAgent when the session is created.
Valid for this session only.
String 00000002-f295-9109-e7c7-c964011dd401
SessionID Unique identifier that is generated by the machine when the session is created.
Will be reassigned to other sessions after logoff.
Number 3
User User name String Domain\JohnDoe
SessionEndTime Time when the session ended String 2018-07-23 10:06:02
SessionDurationMs Period of time between SessionLogonTime and SessionEndTime Number ms 800000

Shell startup time

uberAgent collects the duration of shell startup (normally explorer.exe).

Details

  • Source type: uberAgent:Logon:ShellStartupTimeMs
  • Used in dashboards: Session Info: Citrix, Session Info: VMware, User Logon Duration, User Logon Duration – Group Policy, User Session Overview, User Sessions, Single Machine Detail, Single Logon, Single User Detail
  • Enabled through configuration setting: LogonDetail
  • Related configuration settings: n/a

List of Fields in the Raw Agent Data

Field Description Data type Unit Example
SessionGUID Unique identifier that is generated by uberAgent when the session is created.
Valid for this session only.
String 00000002-f295-9109-e7c7-c964011dd401
SessionID Unique identifier that is generated by the machine when the session is created.
Will be reassigned to other sessions after logoff.
Number 3
User User name String Domain\JohnDoe
ShellStartupTimeMs Shell startup time. Typically Windows Explorer. Number ms 358

Total logon time

uberAgent collects the total duration of every logon.

Details

  • Source type: uberAgent:Logon:TotalLogonTimeMs
  • Used in dashboards: Session Info: Citrix, Session Info: VMware, User Logon Duration, User Logon Duration – Group Policy, User Session Overview, User Sessions, Single Machine Detail, Single Logon, Single User Detail
  • Enabled through configuration setting: LogonDetail
  • Related configuration settings: n/a

List of Fields in the Raw Agent Data

Field Description Data type Unit Example
SessionGUID Unique identifier that is generated by uberAgent when the session is created.
Valid for this session only.
String 00000002-f295-9109-e7c7-c964011dd401
SessionID Unique identifier that is generated by the machine when the session is created.
Will be reassigned to other sessions after logoff.
Number 3
User User name String Domain\JohnDoe
TotalLogonTimeMs Total logon duration is defined as the time from the actual logon until the shell is fully initialized. Number ms 40000