List of Metrics

uberAgent collects data for the following metrics.

User Logon

Total logon duration as well as duration of each of the relevant logon phases:

  • User profile loading (Microsoft user profile service and Citrix Profile Management)
  • Group Policy processing
  • Logon script processing time (configured via Active Directory user object or Group Policy)
  • Shell startup time (auto-detecting RES ONE Workspace shells)

Group Policy Processing

uberAgent collects the total Group Policy processing time in addition to the following much more detailed metrics:

  • Domain controller discovery time
  • GPOs applied during logon
  • Processing time for each active client side extension (CSE), both from Microsoft and third parties. This includes:
    • Folder redirection
    • Drive mapping
    • Offline files
    • Citrix policies
    • Group Policy preferences
    • …and many more

uberagent-boot-io-count-per-process

Logon Process Performance

Detailed performance data about all processes active during user logon. For each of those processes uberAgent collects:

  • Process name and ID
  • Session ID
  • Parent process name and ID
  • Process user account
  • Associated application name and version
  • Process type (e.g. part of the logon script)
  • Process start time and lifetime duration
  • Commandline
  • Executable path
  • CPU footprint
  • Disk footprint
  • Memory footprint
  • Network footprint

Logon Process Summary

Summary performance data about process activity during user logon:

  • Number of processes started
  • Disk footprint

Related Splunk Events

User Logoff

Total logoff duration as well as duration of each of the relevant logoff phases:

  • User profile unloading
  • Logoff script processing time
  • Session logoff duration

Logoff Process Performance

Detailed performance data about all processes active during user logoff. For each of those processes uberAgent collects:

  • Process name and ID
  • Session ID
  • Parent process name and ID
  • Process user account
  • Associated application name and version
  • Process type (e.g. part of the logoff script)
  • Process start time and lifetime duration
  • Commandline
  • Executable path
  • CPU footprint
  • Disk footprint
  • Memory footprint
  • Network footprint

Logoff Process Summary

Summary performance data about process activity during user logoff:

  • Number of processes started
  • Disk footprint

Related Splunk Events

Browsers

Internet Explorer

The following metrics are collected per website (URL):

  • CPU usage
  • RAM usage
  • Disk IO count, volume, latency and IOPS
  • Network throughput

Related Splunk Events

Google Chrome

uberAgent collects performance data per Chrome process type, e.g.:

  • Browser (main process)
  • Tab (rendering process)
  • Extension (running Chrome extensions)
  • GPU (graphics acceleration)
  • Flash (playing Adobe Flash)
  • Java (running Java apps)

Related Splunk Events

Microsoft Office

Outlook

uberAgent collects Outlook plugin load duration and related information:

  • Plugin name, ProgID and GUID
  • Plugin load duration
  • Plugin “load behavior” (state)
  • Whether the plugin is installed per machine or per user

Related Splunk Events

Machine

Machine Performance

The following performance metrics are collected per machine:

  • CPU and RAM usage
  • GPU compute and memory usage
  • Kernel memory usage
  • IOPS (read and write separately)
  • Disk IO count, latency and volume (read and write separately)
  • Disk utilization (percent disk time)
  • Network utilization in percent
  • Number of sessions, processes, threads, handles
  • Idleness (how ready the machine is to go into power saving mode)

Machine Inventory

The following inventory metrics are collected per machine:

  • OS name
  • OS type and architecture
  • OS install date
  • Hardware manufacturer and model
  • CPU model, frequency, sockets, cores (logical and physical)
  • RAM size (GB)
  • GPU model and memory size
  • BIOS version
  • AD domain, site, OU and computer distinguished name
  • Citrix site name, machine catalog name and delivery group name
  • Primary IP address
  • Primary network adapter name and description
  • Properties: is VM, UPS present, battery present
  • Power capabilities: supports connected standby, S1, S2, S3, S4, S5
  • Battery wear level

Disk Inventory

The following inventory metrics are collected per physical disk:

  • Disk name
  • Disk capacity
  • Disk properties: is writable, is removable

Volume Inventory

The following inventory metrics are collected per logical volume:

  • Disk device the volume resides on
  • Volume label
  • File system
  • Mount points
  • Free space (MB)
  • Capacity (MB)
  • Used space (percent)
  • Volume properties: partition style, is system volume, is boot volume, is dirty

Related Splunk Events

SMB Client Performance

The following inventory metrics are collected per network share the endpoint is connected to:

  • Share path
  • IO count, latency, volume and IOPS (read and write)

Related Splunk Events

Network

Network Communication

The following metrics are collected per network target and sending/receiving process. A network target is a communication endpoint from the point of view of the machine uberAgent is running on. uberAgent distinguishes between different services on the target machine and can show latencies for, say, SMB and SQL Server independently. Of course uberAgent supports both IPv4 and IPv6!

  • Source process (process sending/receiving data on the machine uberAgent is running on)
  • Source application name and version
  • Target name, IP address and port
  • Send, receive and connect count
  • Reconnect and retransmit count
  • Send and receive volume (MB)
  • Send and receive throughput (KB/s)
  • Send latency
  • Send latency count (number of measurements)
  • Protocols used

Network Connection Failures

The following metrics are collected whenever a network connection attempt fails:

  • Source process name and ID
  • Source application name and version
  • User name and RDS session
  • Target name, IP address and port
  • Protocols used

Related Splunk Events

Session

The following metrics are collected per user session:

  • Session ID
  • Computername
  • Logon and logoff time, session duration
  • Remoting protocol (ICA/HDX, RDP, PCoIP, Blast)
  • Connection state (e.g. active, disconnected)
  • User and domain
  • CPU and RAM usage
  • Disk IO count, volume, latency and IOPS
  • Network throughput
  • Citrix ICA/HDX protocol latency
  • Citrix ICA/HDX client information (name, IP address, version, etc.)
  • Citrix client hardware ID
  • VMware RDP/PCoIP client information (name, IP address, etc.)
  • Microsoft RDP client information (name, IP address, etc.)
  • Foreground application name and version, foreground process name and ID
  • Foreground application UI latency

Related Splunk Events

Citrix XenApp/XenDesktop Site

Citrix site monitoring requires uberAgent on at least one delivery controller per site. See the documentation for details.

Applications

The following fields are collected for each published application:

  • Application name and ID
  • Site name and ID
  • Desktop group name and ID
  • Application properties: is enabled, creation date, modification date, type
  • Admin folder
  • Tags

Desktops

The following fields are collected for each published desktop:

  • Desktop name and ID
  • Site name and ID
  • Desktop group name and ID
  • Desktop properties: is enabled, leasing behavior
  • Included and excluded users
  • Tags

Desktop Groups

The following fields are collected for each desktop group in a site:

  • Desktop group name and ID
  • Site name and ID
  • Desktop group properties: is remote PC, desktop kind, session support, delivery type, creation date, modification date
  • Tags

Licenses

The following fields are collected for each active license in a site:

  • Site name and ID
  • License server
  • Licenses available, overdraft, in use
  • License properties: product name, edition, license model, type, expiration, SA date

Machine Catalogs

The following fields are collected for each machine catalog in a site:

  • Catalog name and ID
  • Site name and ID
  • Catalog properties: provisioning type, persistent user changes, is machine physical, allocation type, session support, creation date, modification date

Machines

The following fields are collected for each machine in a site:

  • Machine name and ID
  • Site name and ID
  • Catalog name and ID
  • Desktop group name and ID
  • Load index
  • Registration state
  • Maintenance mode
  • VDA agent version
  • Associated user
  • Machine role (VDA or DDC)
  • Machine properties: creation date, modification date
  • Tags

Related Splunk Events

Applications

Application and Process Startup

The following fields are collected for each application or process that is being launched:

  • Startup duration
  • IOPS during startup
  • Application name and version
  • Process name
  • User and domain
  • Is the process running elevated (with admin privileges)?

Note: as with all other metrics process startup duration is recorded automatically without requiring any configuration.

If the configuration setting EnableExtendedInfo is enabled, the following metrics are collected, too:

  • Process ID
  • Parent process ID
  • RDS session ID
  • Process GUID (unique ID per process generated by uberAgent)
  • Session GUID (unique ID per RDS session generated by uberAgent)
  • Parent process name
  • Full path to the process executable in the file system
  • Full commandline the process was launched with

Related Splunk Events

Application and Process Performance

The following metrics are collected per application/process:

  • User and domain
  • Process name and ID
  • Process command line (optional)
  • Application name and version
  • CPU usage
  • RAM usage
  • GPU compute usage
  • GPU memory usage
  • Disk IO count, latency, volume, IOPS (read and write separately)
  • Network latency and throughput

Note: processes are auto-grouped into applications, i.e. the application name is determined automatically without requiring any configuration. The mechanism can be overridden for specific processes via the configuration file.

Related Splunk Events

Application UI Unresponsiveness

Whenever an application’s user interface is unresponsive for more than a few hundred milliseconds the following information is collected:

  • Application name (even for App-V, Java and modern UI / Metro apps)
  • Application version
  • Process name and ID
  • User and domain
  • Unresponsiveness duration
  • Related user session

Related Splunk Events

Application Crashes and Hangs

For every application error the following information is collected:

  • Application name and version
  • Process ID, GUID, name, path, version and timestamp
  • Process lifetime
  • User and domain
  • Related user session
  • Faulting module name, path version and timestamp
  • Exception code, fault offset,
  • App package full name and relative ID
  • Error type (crash or hang)

Related Splunk Events

Application Inventory and Usage

  • Application name (even for App-V, Java and modern UI / Metro apps)
  • Application version
  • Number of concurrent users (application usage metering)
  • Number of computers the application is run on
  • Number of (ICA/RDP/PCoIP) remoting clients the application was accessed from
  • Inventory (installation information like name, publisher, version, install date)

Related Splunk Events

Software Update

The following metrics are collected per update:

  • Name
  • Install date

Related Splunk Events

Computer Startup, Shutdown and Hibernation

Computer Startup (Machine Boot)

Computer startup duration includes:

  • Smss initialization
  • Autocheck (checkdisk)
  • Session 0 initialization
  • Session 1 initialization
  • Wininit initialization
  • Winlogon initialization
  • Autostart services

Related Splunk Events

Boot Processes

The following detailed information about each process running during the boot process is collected:

  • Process name, ID and parent ID
  • Relative start time and lifetime
  • Commandline
  • Disk IO count, latency and volume (read and write)
  • Associated user session ID

Related Splunk Events

Other On/Off Transitions

uberAgent records the duration of the following on/off transition events in addition to system boot:

  • Suspend
  • Resume
  • Shutdown

Related Splunk Events

On/Off Transition Delays

uberAgent records which components are responsible for delays during system boot, suspend, resume and shutdown. Components can be drivers, system services or applications. For each delay uberAgent collects:

  • Driver/service/application name
  • Driver/service/application version
  • Total duration
  • Degradation (how much longer it took than normal)

Related Splunk Events

Performance Counters

uberAgent can optionally collect the values of any Windows Performance Counters.

Related Splunk Events

uberAgent Licensing

Information on uberAgent licenses.

Related Splunk Events

Questions?

Do you have questions that were not answered here? Please ask us, we are happy to help!