User Logon Metrics
Logon Detail
uberAgent collects various details about logons like profile load time, Group Policy processing time as well as process performance.
Details
- Source type:
uberAgent:Logon:LogonDetail
- Used in dashboards: Session Info: Citrix, Session Info: VMware, User Logon Duration, User Logon Duration – Group Policy, User Session Overview, User Sessions, Single Machine Detail, Single Logon, Single User Detail
- Enabled through configuration setting:
LogonDetail
- Related configuration settings: n/a
- Supported platform: Windows
List of Fields in the Raw Agent Data
Field | Description | Data type | Unit | Measurement type | Example |
---|---|---|---|---|---|
SessionGUID | Unique identifier that is generated by uberAgent when the session is created. Valid for this session only. |
String | Snapshot | 00000002-f295-9109-e7c7-c964011dd401 | |
SessionID | Unique identifier that is generated by the machine when the session is created. Will be reassigned to other sessions after logoff. |
Number | Snapshot | 3 | |
User | User name. | String | Snapshot | Domain\JohnDoe | |
SessionLogonTime | Time when the user logon started. | String | Snapshot | 2018-07-23 08:50:14 | PreLogonInitTimeMs | Time from session creation until user logon (more information). | Number | ms | Sum | 358 |
SiteName | Active Directory site name. | String | Snapshot | Default-First-Site-Name | |
LogonServer | Authenticating Active Directory domain controller. | String | Snapshot | DC1 | |
ProfileLoadTimeMs | User profile loading time – Microsoft user profile service. | Number | ms | Sum | 40000 |
CitrixPMLoadTimeMs | User profile loading time – Citrix Profile Management. | Number | ms | Sum | 40000 |
GroupPolicyTotalProcessingTimeMs | Total Group Policy processing time. | Number | ms | Sum | 250 |
DcDiscoveryTimeMs | Domain controller discovery time | Number | ms | Sum | 10 |
LoopbackMode | Group Policy loopback mode. Possible values: replace , merge , no loopback . |
String | Snapshot | replace | |
ADLogonScriptTimeMs | Active Directory logon script processing time. | Number | ms | Sum | 358 |
GroupPolicyLogonScriptTimeMs | Group Policy logon script processing time. | Number | ms | Sum | 358 |
ResWmProcessingTimeMs | RES ONE Workspace shell startup time. | Number | ms | Sum | 358 |
ShellStartupTimeMs | Shell startup time. Typically Windows Explorer. | Number | ms | Sum | 358 |
TotalLogonTimeMs | Total logon duration is defined as the time from the actual logon until the shell is fully initialized. | Number | ms | Sum | 40000 |
ProcessStartCount | Number of processes started. | Number | Count | 8 | |
IOCountRead | Count of read I/O operations. | Number | Count | 100 | |
IOCountWrite | Count of write I/O operations. | Number | Count | 100 | |
IOMBRead | Amount of read I/O operation data volume. | Number | MB | Sum | 50 |
IOMBWrite | Amount of write I/O operation data volume. | Number | MB | Sum | 50 |
IOLatencyReadMs | I/O read operation duration divided by count of read I/O operations. | Number | ms | Average | 358 |
Group Policy CSE Detail
uberAgent collects detailed information about Client-Side-Extensions (CSEs) like name, duration, and return code.
Details
- Source type:
uberAgent:Logon:GroupPolicyCSEDetail2
- Used in dashboards: Session Info: Citrix, Session Info: VMware, User Logon Duration, User Logon Duration – Group Policy, User Session Overview, User Sessions, Single Machine Detail, Single Logon, Single User Detail
- Enabled through configuration setting:
LogonDetail
- Related configuration settings: n/a
- Supported platform: Windows
List of Fields in the Raw Agent Data
Field | Description | Data type | Unit | Measurement type | Example |
---|---|---|---|---|---|
SessionGUID | Unique identifier that is generated by uberAgent when the session is created. Valid for this session only. |
String | Snapshot | 00000002-f295-9109-e7c7-c964011dd401 | |
SessionID | Unique identifier that is generated by the machine when the session is created. Will be reassigned to other sessions after logoff. |
Number | Snapshot | 3 | |
User | User name. | String | Snapshot | Domain\JohnDoe | |
CseName | Client-side extension name. | String | Snapshot | Citrix Group Policy | |
CseDurationS | Client-side extension processing time. | Number | s | Sum | 5.40 |
CseGPONames | Group Policy where client-side extension is configured. | String | Snapshot | Default Domain Policy | |
CseReturnCode | Client-side extension processing return code. Everything except 0 is bad. | Number | Snapshot | 0 |
Logon Processes
Detailed performance data about all processes active during user logon like process start time and lifetime duration, commandline, executable path, and CPU footprint.
Details
- Source type:
uberAgent:Process:LogonProcesses
- Used in dashboards: Single Logon
- Related configuration settings: n/a
- Supported platform: Windows
List of Fields in the Raw Agent Data
Field | Description | Data type | Unit | Measurement type | Example |
---|---|---|---|---|---|
ProcName | Process name. | String | Snapshot | chrome.exe | |
ProcID | Process ID. | Number | Snapshot | 456 | |
ProcParentName | Parent process name. | String | Snapshot | PowerShell.exe | |
ProcParentID | Parent process ID. | Number | Snapshot | 789 | |
ProcUser | User who ran the process. | String | Snapshot | Domain\JohnDoe | |
AppId | Associated application ID. Used by uberAgent to lookup application names and populate field AppName . |
String | Snapshot | GglChrm | |
AppVersion | Associated application version. | String | Snapshot | 67.0.3396.99 | |
LogonProcType | uberAgent groups processes running during logon into types. Possible values: Other , Userinit , AppSetup , Active Setup , AD logon script , GP logon script , Shell ,RES Workspace Manager shell ,RES Workspace Manager shell child ,GP software installation , Run once , Initial program, User profile , Group Policy , Session setup , First logon animation . |
String | Snapshot | GP logon script | |
ProcStartTimeRelativeMs | Process relative start time. | Number | ms | Snapshot | 16764 |
ProcLifetimeMs | Process lifetime. | Number | ms | Sum | 73615 |
ProcCmdline | Process command line. | String | Snapshot | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe –url http://vastlimits.com | |
ProcPath | Process path. | String | Snapshot | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe | |
ProcCPUTimeMs | Process consumed CPU time. | Number | ms | Sum | 11859 |
ProcIOReadCount | Process I/O operation read count. | Number | Count | 2000 | |
ProcIOWriteCount | Process I/O operation write count. | Number | Count | 990 | |
ProcIOReadMB | Process I/O operation read data volume. | Number | MB | Sum | 100.05 |
ProcIOWriteMB | Process I/O operation write data volume. | Number | MB | Sum | 16.06 |
ProcIOLatencyReadMs2 | Process I/O operation read latency. | Number | ms | Average | 300 |
ProcIOLatencyWriteMs2 | Process I/O operation write latency. | Number | ms | Average | 300 |
ProcWorkingSetMB | Process consumed RAM. | Number | MB | Snapshot | 500.06 |
ProcNetKBPS | Process generated network traffic. | Number | KB | Sum | 19.18 |
SessionGUID | Unique identifier that is generated by uberAgent when the session is created. Valid for this session only. |
String | Snapshot | 00000002-f295-9109-e7c7-c964011dd401 | |
SessionID | Unique identifier that is generated by the machine when the session is created. Will be reassigned to other sessions after logoff. |
Number | Snapshot | 3 | |
TotalLogonDurationMs | Total logon duration. | Number | ms | Sum | 40000 |
SortOrder2 | Sort order number to sort the table Logon process performance on the Single Logon dashboard correctly. | Number | Snapshot | 29 |
List of Calculated Fields
Field | Description | Data type | Unit | Measurement type | Where available | Example |
---|---|---|---|---|---|---|
AppName | Associated application name. | String | Snapshot | Splunk data model, Splunk SPL | Google Chrome | |
SortOrder | Sort order number to sort the table Boot process performance on the Single Boot dashboard correctly. | Number | Snapshot | Splunk data model | 1 |