Splunk Events and Source Types

This page lists the field names and source types for each type of event generated by uberAgent.

User Logon

Source type:
uberAgent:Logon:SessionLogonTime
Field list:
SessionGUID, SessionID, User, SessionLogonTime, PreLogonInitTimeMs, SiteName, LogonServer
Source type:
uberAgent:Logon:ProfileLoadTimeMs
Field list:
SessionGUID, SessionID, User, CitrixPMLoadTimeMs, ProfileLoadTimeMs
Source type:
uberAgent:Logon:GroupPolicyProcessingTimes
Field list:
SessionGUID, SessionID, User, GroupPolicyTotalProcessingTimeMs, DcDiscoveryTimeMs, LoopbackMode
Source type:
uberAgent:Logon:GroupPolicyCSEDetail
Field list:
SessionGUID, SessionID, User, CseName, CseDurationS, CseGPONames, CseReturnCode
Source type:
uberAgent:Logon:GroupPolicyLogonScriptTimeMs
Field list:
SessionGUID, SessionID, User, GroupPolicyLogonScriptTimeMs
Source type:
uberAgent:Logon:ADLogonScriptTimeMs
Field list:
SessionGUID, SessionID, User, ADLogonScriptTimeMs
Source type:
uberAgent:Logon:ShellStartupTimeMs
Field list:
SessionGUID, SessionID, User, ShellStartupTimeMs
Source type:
uberAgent:Logon:TotalLogonTimeMs
Field list:
SessionGUID, SessionID, User, TotalLogonTimeMs
Source type:
uberAgent:Logon:SessionEnd
Field list:
SessionGUID, SessionID, User, SessionEndTime, SessionDurationMs
Source type:
uberAgent:Logon:LogonPerformance
Field list:
ProcessStartCount, IOCountRead, IOCountWrite, IOMBRead, IOMBWrite, IOLatencyReadMs, IOLatencyWriteMs
Source type:
uberAgent:Process:LogonProcesses
Field list:
ProcName, ProcID, ProcParentName, ProcParentID, ProcUser, AppId, AppVersion, LogonProcType, ProcStartTimeRelativeMs, ProcLifetimeMs, ProcCmdline, ProcPath, ProcCPUTimeMs, ProcIOReadCount, ProcIOWriteCount, ProcIOReadMB, ProcIOWriteMB, ProcIOLatencyReadMs, ProcIOLatencyWriteMs, ProcWorkingSetMB, ProcNetKBPS, SessionGUID, SessionID, TotalLogonDurationMs, SortOrder

Internet Explorer Browser

Source type:
uberAgent:Application:BrowserPerformanceIE
Field list:
ProcID, ProcType, URL, CPUTimeMs, CPUPercent, IOPS, IOCount, IOMB, IOLatencyMs, WorkingSetMB, NetKBPS

Chrome Browser

Source type:
uberAgent:Application:BrowserPerformanceChrome
Field list:
ProcUser, ProcType, CPUTimeMs, CPUPercent, IOPS, IOCount, IOMB, IOLatencyMs, WorkingSetMB, NetKBPS

Microsoft Outlook

Source type:
uberAgent:Application:OutlookPluginLoad
Field list:
Name, ProgID, GUID, LoadBehavior, HKLM, BootTimeMs

Machine

Source type:
uberAgent:System:GpuUsage
Field list:
DisplayAdapterName, MemorySharedMB, MemoryDedicatedMB, MemorySharedPercent, MemoryDedicatedPercent, ComputeUsagePercentAllEngines, ComputeUsagePercentEngine0, ComputeUsagePercentEngine1, ComputeUsagePercentEngine2, ComputeUsagePercentEngine3, ComputeUsagePercentEngine4, ComputeUsagePercentEngine5, ComputeUsagePercentEngine6, ComputeUsagePercentEngine7, ComputeUsagePercentEngine8, ComputeUsagePercentEngine9, ComputeUsagePercentEngine10, ComputeUsagePercentEngine11
Source type:
uberAgent:System:MachineInventory
Field list:
OsName, OsSpName, OsVersion, OsBuild, OsArchitecture, OsSpVersion, OsType, OsInstallDate, HwManufacturer, HwModel, HwBiosVersion, AdDomainDns, AdDomainNetBios, AdSite, AdOu, ComputerNameDn, ComputerNameCanonical, CtxFarmName, CtxMachineCatalogName, CtxDeliveryGroupName, Ipv4Address, NetworkAdapterName, NetworkAdapterDescription
Source type:
uberAgent:System:SmbClient
Field list:
SharePath, IOPSRead, IOPSWrite, IOPSMetadata, IOCountRead, IOCountWrite, IOCountMetadata, IOMBRead, IOMBWrite, IOLatencyMsRead, IOLatencyMsWrite
Source type:
uberAgent:System:SystemPerformanceSummary
Field list:
CPUUsagePercent, RAMUsagePercent, RAMUsageGB, IOPSRead, IOPSWrite, IOCountRead, IOCountWrite, IOMBRead, IOMBWrite, IOLatencyMsRead, IOLatencyMsWrite, IOPercentDiskTime, NetUtilizationPercent, KernelPagedMB, KernelNonPagedMB, HandleCount, ThreadCount

Network Target

Source type:
uberAgent:Process:NetworkTargetPerformance
Field list:
ProcName, ProcUser, NetTargetRemoteAddress, NetTargetRemoteName, NetTargetRemotePort, NetTargetSendCount, NetTargetReceiveCount, NetTargetConnectCount, NetTargetSendKBPS, NetTargetReceiveKBPS, NetTargetSendMB, NetTargetReceiveMB, NetTargetSendLatencyMs, NetTargetProtocols, NetTargetSendLatencyCount, AppId

Session

Source type:
uberAgent:Session:SessionCount
Field list:
SessionCount
Source type:
uberAgent:Session:SessionDetail
Field list:
SessionID, SessionLogonTime, SessionProtocol, SessionConnectionState, SessionProcessCount, SessionCPUTimeMs, SessionCPUUsagePercent, SessionIOPS, SessionIOCount, SessionIOMB, SessionIOLatencyMs, SessionWorkingSetMB, SessionNetKBPS, SessionUser, SessionGUID, SessionRpLatencyMs, SessionClientMac, SessionClientIp, SessionClientName, SessionClientDomain, SessionClientUser, SessionClientUserDomain, SessionHRes, SessionVRes, SessionColorDepth, SessionClientPlatform, SessionClientVersion, SessionClientOsLanguage, SessionPublishedName, SessionPublishedAppsCtx, SessionAppStateCtx, SessionEncryptionCtx, SessionClientTypeCtx, SessionBrokerDnsVmw, SessionBrokerUrlVmw, SessionBrokerTunneledVmw, SessionBrokerTunnelUrlVmw, SessionBrokerRemoteIpVmw, SessionBrokerUserVmw, SessionBrokerDomainVmw, SessionClientTimezoneVmw, SessionClientIdVmw, SessionTypeVmw, SessionBrokerType, SessionFgAppId, SessionFgAppVersion, SessionFgProcessName, SessionFgProcessId, SessionFgAppUILatencyUs

Application

Source type:
uberAgent:Application:ApplicationInventory
Field list:
DisplayName, DisplayVersion, Publisher, InstallDate, Language, IsMsiPackage, IsMachineInstall, InstallLocation
Source type:
uberAgent:Application:ApplicationUsage
Field list:
AppName, UserName, AppVersion, RemotingClientName
Source type:
uberAgent:Application:AppNameIdMapping
Field list:
AppName, AppId
Source type:
uberAgent:Application:Errors
Field list:
ErrorType, ProcName, ProcPath, ProcVersion, ProcTimestamp, ModuleName, ModulePath, ModuleVersion, ModuleTimestamp, ProcID, ProcLifetimeMs, ExceptionCode, FaultOffset, AppPackageFullName, AppPackageRelativeId, AppId, ProcUser, SessionGUID, ProcGUID
Source type:
uberAgent:Application:UIDelay
Field list:
AppId, AppVersion, ProcessName, ProcessId, UIDelayMs, User, SessionGUID

Process

Source type:
uberAgent:Process:ProcessDetail
Field list:
ProcName, ProcCPUTimeMs, ProcCPUPercent, ProcIOPSRead, ProcIOPSWrite, ProcIOReadCount, ProcIOWriteCount, ProcIOReadMB, ProcIOWriteMB, ProcIOLatencyReadMs, ProcIOLatencyWriteMs, ProcWorkingSetMB, ProcNetKBPS, ProcUser, ProcGpuComputePercent, ProcGpuMemMB, AppId, AppVersion, ProcID, ProcCmdline, ProcGUID
Source type:
uberAgent:Process:ProcessStartup
Field list:
ProcName, ProcUser, StartupTimeMs, StartupIOPS, AppId, ProcID, ProcParentID, SessionID, ProcGUID, SessionGUID, ProcParentName, ProcPath, ProcCmdline, IsElevated

Software Update

Source type:
uberAgent:Application:SoftwareUpdateInventory
Field list:
Guid, DisplayName, ProductName, State, InstallDate

Computer Startup (System Boot)

Source type:
uberAgent:OnOffTransition:BootDetail
Field list:
KernelInitTimeMs, SmssInitTimeMs, AutoCheckTimeMs, Session0InitDurationMs, Session1InitDurationMs, WininitInitDurationMs, WinlogonInitDurationMs, AutostartServicesMs, ComputerStartupMs, MainPathBootTimeMs, PostBootTimeMs, TotalBootTimeMs, BootUID
Source type:
uberAgent:OnOffTransition:BootProcessDetail
Field list:
ProcessName, ProcessIOReadCount, ProcessIOWriteCount, ProcessIOReadMB, ProcessIOWriteMB, ProcessIOLatencyMs, BootUID
Source type:
uberAgent:OnOffTransition:BootProcesses
Field list:
ProcName, ProcID, ProcParentID, ProcStartTimeRelativeMs, ProcLifetimeMs, ProcCmdline, ProcIOReadCount, ProcIOWriteCount, ProcIOReadMB, ProcIOWriteMB, ProcIOLatencyReadMs, ProcIOLatencyWriteMs, SessionID, TotalBootDurationMs, SortOrder, BootUID

Other On/Off Transitions

Source type:
uberAgent:OnOffTransition:ShutdownDetail
Field list:
TotalShutdownTimeMs, UserSessionTimeMs, UserPolicyTimeMs, UserProfilesTimeMs, SystemSessionsTimeMs, PreShutdownNotificationsTimeMs, ServicesTimeMs, KernelTimeMs
Source type:
uberAgent:OnOffTransition:StandbyDetail
Field list:
EnterStandbyMs, ResumeFromStandbyMs

On/Off Transition Delays

Source type:
uberAgent:OnOffTransition:SlowAppStartup
Field list:
Name, FriendlyName, Version, TotalTimeMs, DegradationTimeMs
Source type:
uberAgent:OnOffTransition:SlowAppShutdown
Field list:
Name, FriendlyName, Version, TotalTimeMs, DegradationTimeMs
Source type:
uberAgent:OnOffTransition:SlowAppStandby
Field list:
Name, FriendlyName, Version, TotalTimeMs, DegradationTimeMs
Source type:
uberAgent:OnOffTransition:SlowServiceStartup
Field list:
Name, FriendlyName, Version, TotalTimeMs, DegradationTimeMs
Source type:
uberAgent:OnOffTransition:SlowServiceShutdown
Field list:
Name, FriendlyName, Version, TotalTimeMs, DegradationTimeMs
Source type:
uberAgent:OnOffTransition:SlowServiceHybridStandby
Field list:
Name, FriendlyName, Version, TotalTimeMs, DegradationTimeMs
Source type:
uberAgent:OnOffTransition:SlowDriverStartup
Field list:
Name, FriendlyName, Version, TotalTimeMs, DegradationTimeMs
Source type:
uberAgent:OnOffTransition:SlowDriverShutdown
Field list:
Name, FriendlyName, Version, TotalTimeMs, DegradationTimeMs
Source type:
uberAgent:OnOffTransition:SlowDriverStandby
Field list:
Name, FriendlyName, Version, TotalTimeMs, DegradationTimeMs, DeviceFriendlyName
Source type:
uberAgent:OnOffTransition:SlowDriverResume
Field list:
Name, FriendlyName, Version, TotalTimeMs, DegradationTimeMs, DeviceFriendlyName
Source type:
uberAgent:OnOffTransition:SlowUserPolicy
Field list:
Name, TotalTimeMs, DegradationTimeMs
Source type:
uberAgent:OnOffTransition:SlowSMSSInit
Field list:
Name, TotalTimeMs, DegradationTimeMs

Performance Counters

Source type:
uberAgent:System:PerformanceCounter
Field list:
<CounterName>

uberAgent Licensing

Source type:
uberAgent:License:LicenseInfo
Field list:
LicensingState, LicenseId, LicenseCountTotal, LicensingModel, LicensingModelDetail, LicensingType, MaintenanceEnd, Expiration, LicensedComponents, ProductVersion

Questions?

Do you have questions that were not answered here? Please ask us, we are happy to help!