Splunk Events and Source Types

This page lists the field names and source types for each type of event generated by uberAgent.

Application

Source type:
uberAgent:Application:ApplicationInventory
Field list:
DisplayName, DisplayVersion, Publisher, InstallDate, Language, IsMsiPackage, IsMachineInstall, InstallLocation
Source type:
uberAgent:Application:ApplicationUsage
Field list:
AppName, UserName, AppVersion, RemotingClientName
Source type:
uberAgent:Application:AppNameIdMapping
Field list:
AppName, AppId
Source type:
uberAgent:Application:Errors
Field list:
ErrorType, ProcName, ProcPath, ProcVersion, ProcTimestamp, ModuleName, ModulePath, ModuleVersion, ModuleTimestamp, ProcID, ProcLifetimeMs, ExceptionCode, FaultOffset, AppPackageFullName, AppPackageRelativeId, AppId, ProcUser, SessionGUID, ProcGUID, AppVersion
Source type:
uberAgent:Application:UIDelay
Field list:
AppId, AppVersion, ProcessName, ProcessId, UIDelayMs, User, SessionGUID

Browser (Internet Explorer)

Source type:
uberAgent:Application:BrowserPerformanceIE
Field list:
ProcID, ProcType, URL, CPUTimeMs, CPUPercent, IOPS, IOCount, IOMB, IOLatencyMs, WorkingSetMB, NetKBPS

Browser (Chrome)

Source type:
uberAgent:Application:BrowserPerformanceChrome
Field list:
ProcUser, ProcType, CPUTimeMs, CPUPercent, IOPS, IOCount, IOMB, IOLatencyMs, WorkingSetMB, NetKBPS

Citrix XenApp/XenDesktop Site

Source type:
uberAgent:Citrix:Applications
Field list:
Id, Name, PublishedName, SiteName, SiteGuid, DesktopGroupId, DesktopGroupName, ApplicationType, Enabled, AdminFolder, LifecycleState, CreatedDate, ModifiedDate, Tags
Source type:
uberAgent:Citrix:Catalogs
Field list:
Id, Name, SiteName, SiteGuid, LifecycleState, ProvisioningType, PersistentUserChanges, IsMachinePhysical, AllocationType, SessionSupport, ProvisioningSchemeId, CreatedDate, ModifiedDate
Source type:
uberAgent:Citrix:Databases
Field list:
SiteName, SiteGuid, DataStore, IntegratedSecurity, MirrorServerAddress, Name, ServerAddress
Source type:
uberAgent:Citrix:DesktopGroups
Field list:
Id, Name, SiteName, SiteGuid, IsRemotePC, DesktopKind, LifecycleState, SessionSupport, DeliveryType, Tags, CreatedDate, ModifiedDate
Source type:
uberAgent:Citrix:Hypervisors
Field list:
Id, Name, SiteName, SiteGuid, LifecycleState
Source type:
uberAgent:Citrix:Licenses
Field list:
SiteName, SiteGuid, LicenseServer, LicenseProductName, LicenseEdition, LicenseExpirationDate, LicenseSubscriptionAdvantageDate, LicenseType, LicenseTypeLocalized, LicensesInUse, LicensesAvailable, LicenseOverdraft, LicenseModel
Source type:
uberAgent:Citrix:Machines
Field list:
Id, Sid, Name, NameHost, SiteName, SiteGuid, EffectiveLoadIndex, DnsName, LifecycleState, IPAddress, HostedMachineId, HostingServerName, HostedMachineName, IsAssigned, IsInMaintenanceMode, IsPendingUpdate, AgentVersion, AssociatedUserFullNames, AssociatedUserNames, AssociatedUserUPNs, CurrentRegistrationState, RegistrationStateChangeDate, LastDeregisteredCode, LastDeregisteredDate, CurrentPowerState, CurrentSessionCount, ControllerDnsName, PoweredOnDate, PowerStateChangeDate, FunctionalLevel, FailureDate, WindowsConnectionSetting, IsPreparing, FaultState, CatalogId, DesktopGroupId, HypervisorId, Hash, MachineRole, HypervisorDisplayName, CatalogDisplayName, DesktopGroupDisplayName, CreatedDate, ModifiedDate, Tags
Source type:
uberAgent:Citrix:PublishedDesktops
Field list:
Id, Name, PublishedName, SiteName, SiteGuid, DesktopGroupId, DesktopGroupName, BrowserName, ColorDepth, Description, Enabled, ExcludedUserFilterEnabled, ExcludedUsers, IncludedUserFilterEnabled, IncludedUsers, LeasingBehavior, RestrictToTag, SecureIcaRequired, SessionReconnection, Tags

Computer Startup (System Boot)

Source type:
uberAgent:OnOffTransition:BootDetail
Field list:
KernelInitTimeMs, SmssInitTimeMs, AutoCheckTimeMs, Session0InitDurationMs, Session1InitDurationMs, WininitInitDurationMs, WinlogonInitDurationMs, AutostartServicesMs, ComputerStartupMs, MainPathBootTimeMs, PostBootTimeMs, TotalBootTimeMs, BootUID
Source type:
uberAgent:OnOffTransition:BootProcessDetail
Field list:
ProcessName, ProcessIOReadCount, ProcessIOWriteCount, ProcessIOReadMB, ProcessIOWriteMB, ProcessIOLatencyMs, BootUID
Source type:
uberAgent:OnOffTransition:BootProcesses
Field list:
ProcName, ProcID, ProcParentID, ProcStartTimeRelativeMs, ProcLifetimeMs, ProcCmdline, ProcIOReadCount, ProcIOWriteCount, ProcIOReadMB, ProcIOWriteMB, ProcIOLatencyReadMs, ProcIOLatencyWriteMs, SessionID, TotalBootDurationMs, SortOrder, BootUID

Machine

Source type:
uberAgent:System:GpuUsage
Field list:
DisplayAdapterName, MemorySharedMB, MemoryDedicatedMB, MemorySharedPercent, MemoryDedicatedPercent, ComputeUsagePercentAllEngines, ComputeUsagePercentEngine0, ComputeUsagePercentEngine1, ComputeUsagePercentEngine2, ComputeUsagePercentEngine3, ComputeUsagePercentEngine4, ComputeUsagePercentEngine5, ComputeUsagePercentEngine6, ComputeUsagePercentEngine7, ComputeUsagePercentEngine8, ComputeUsagePercentEngine9, ComputeUsagePercentEngine10, ComputeUsagePercentEngine11, MemorySharedSizeMB, MemoryDedicatedSizeMB
Source type:
uberAgent:System:MachineInventory
Field list:
OsName, OsSpName, OsVersion, OsBuild, OsArchitecture, OsSpVersion, OsType, OsInstallDate, HwManufacturer, HwModel, HwBiosVersion, AdDomainDns, AdDomainNetBios, AdSite, AdOu, ComputerNameDn, ComputerNameCanonical, CtxFarmName, CtxMachineCatalogName, CtxDeliveryGroupName, Ipv4Address, NetworkAdapterName, NetworkAdapterDescription, RAMSizeGB, PowerSupportsConnectedStandby, PowerSupportsS1, PowerSupportsS2, PowerSupportsS3, PowerSupportsS4, PowerSupportsS5, IsUpsPresent, IsBatteryPresent, BatteryWearLevelPercent, CPUName, CPUSockets, CPUCoresPhysical, CPUCoresLogical, CPUMaxMhz, HwIsVirtualMachine
Source type:
uberAgent:System:DiskInventory
Field list:
Name, Enumerator, DiskNumber, CapacityMB, IsWritable, IsRemovable
Source type:
uberAgent:System:VolumeInventory
Field list:
Guid, DeviceName, Label, FileSystem, MountPoints, DiskNumbers, FreeMB, CapacityMB, UsedSpacePercent, PartitionStyle, IsSystemVolume, IsBootVolume, IsDirty
Source type:
uberAgent:System:SmbClient
Field list:
SharePath, IOPSRead, IOPSWrite, IOPSMetadata, IOCountRead, IOCountWrite, IOCountMetadata, IOMBRead, IOMBWrite, IOLatencyMsRead, IOLatencyMsWrite
Source type:
uberAgent:System:SystemPerformanceSummary
Field list:
CPUUsagePercent, RAMUsagePercent, RAMUsageGB, IOPSRead, IOPSWrite, IOCountRead, IOCountWrite, IOMBRead, IOMBWrite, IOLatencyMsRead, IOLatencyMsWrite, IOPercentDiskTime, NetUtilizationPercent, KernelPagedMB, KernelNonPagedMB, HandleCount, ThreadCount, IdlenessPercent

Microsoft Outlook

Source type:
uberAgent:Application:OutlookPluginLoad
Field list:
Name, ProgID, GUID, LoadBehavior, HKLM, BootTimeMs

Network Target

Source type:
uberAgent:Process:NetworkTargetPerformance
Field list:
ProcName, ProcUser, NetTargetRemoteAddress, NetTargetRemoteName, NetTargetRemotePort, NetTargetSendCount, NetTargetReceiveCount, NetTargetConnectCount, NetTargetSendKBPS, NetTargetReceiveKBPS, NetTargetSendMB, NetTargetReceiveMB, NetTargetSendLatencyMs, NetTargetProtocols, NetTargetSendLatencyCount, AppId, NetTargetReconnectCount, NetTargetRetransmitCount, AppVersion
Source type:
uberAgent:Application:NetworkConnectFailure
Field list:
AppId, AppVersion, ProcessName, ProcessId, User, SessionGUID, NetTargetRemoteAddress, NetTargetRemoteName, NetTargetRemotePort, NetTargetProtocols

On/Off Transition Delays

Source type:
uberAgent:OnOffTransition:SlowAppStartup
Field list:
Name, FriendlyName, Version, TotalTimeMs, DegradationTimeMs
Source type:
uberAgent:OnOffTransition:SlowAppShutdown
Field list:
Name, FriendlyName, Version, TotalTimeMs, DegradationTimeMs
Source type:
uberAgent:OnOffTransition:SlowAppStandby
Field list:
Name, FriendlyName, Version, TotalTimeMs, DegradationTimeMs
Source type:
uberAgent:OnOffTransition:SlowServiceStartup
Field list:
Name, FriendlyName, Version, TotalTimeMs, DegradationTimeMs
Source type:
uberAgent:OnOffTransition:SlowServiceShutdown
Field list:
Name, FriendlyName, Version, TotalTimeMs, DegradationTimeMs
Source type:
uberAgent:OnOffTransition:SlowServiceHybridStandby
Field list:
Name, FriendlyName, Version, TotalTimeMs, DegradationTimeMs
Source type:
uberAgent:OnOffTransition:SlowDriverStartup
Field list:
Name, FriendlyName, Version, TotalTimeMs, DegradationTimeMs
Source type:
uberAgent:OnOffTransition:SlowDriverShutdown
Field list:
Name, FriendlyName, Version, TotalTimeMs, DegradationTimeMs
Source type:
uberAgent:OnOffTransition:SlowDriverStandby
Field list:
Name, FriendlyName, Version, TotalTimeMs, DegradationTimeMs, DeviceFriendlyName
Source type:
uberAgent:OnOffTransition:SlowDriverResume
Field list:
Name, FriendlyName, Version, TotalTimeMs, DegradationTimeMs, DeviceFriendlyName
Source type:
uberAgent:OnOffTransition:SlowUserPolicy
Field list:
Name, TotalTimeMs, DegradationTimeMs
Source type:
uberAgent:OnOffTransition:SlowSMSSInit
Field list:
Name, TotalTimeMs, DegradationTimeMs

Other On/Off Transitions

Source type:
uberAgent:OnOffTransition:ShutdownDetail
Field list:
TotalShutdownTimeMs, UserSessionTimeMs, UserPolicyTimeMs, UserProfilesTimeMs, SystemSessionsTimeMs, PreShutdownNotificationsTimeMs, ServicesTimeMs, KernelTimeMs
Source type:
uberAgent:OnOffTransition:StandbyDetail
Field list:
EnterStandbyMs, ResumeFromStandbyMs

Performance Counters

Source type:
uberAgent:System:PerformanceCounter
Field list:
<CounterName>

Process

Source type:
uberAgent:Process:ProcessDetail
Field list:
ProcName, ProcCPUTimeMs, ProcCPUPercent, ProcIOPSRead, ProcIOPSWrite, ProcIOReadCount, ProcIOWriteCount, ProcIOReadMB, ProcIOWriteMB, ProcIOLatencyReadMs, ProcIOLatencyWriteMs, ProcWorkingSetMB, ProcNetKBPS, ProcUser, ProcGpuComputePercent, ProcGpuMemMB, AppId, AppVersion, ProcID, ProcCmdline, ProcGUID
Source type:
uberAgent:Process:ProcessStartup
Field list:
ProcName, ProcUser, StartupTimeMs, StartupIOPS, AppId, ProcID, ProcParentID, SessionID, ProcGUID, SessionGUID, ProcParentName, ProcPath, ProcCmdline, IsElevated, AppVersion

Session

Source type:
uberAgent:Session:SessionCount
Field list:
SessionCount
Source type:
uberAgent:Session:SessionDetail
Field list:
SessionID, SessionLogonTime, SessionProtocol, SessionConnectionState, SessionProcessCount, SessionCPUTimeMs, SessionCPUUsagePercent, SessionIOPS, SessionIOCount, SessionIOMB, SessionIOLatencyMs, SessionWorkingSetMB, SessionNetKBPS, SessionUser, SessionGUID, SessionRpLatencyMs, SessionClientMac, SessionClientIp, SessionClientName, SessionClientDomain, SessionClientUser, SessionClientUserDomain, SessionHRes, SessionVRes, SessionColorDepth, SessionClientPlatform, SessionClientVersion, SessionClientOsLanguage, SessionPublishedName, SessionPublishedAppsCtx, SessionAppStateCtx, SessionEncryptionCtx, SessionClientTypeCtx, SessionBrokerDnsVmw, SessionBrokerUrlVmw, SessionBrokerTunneledVmw, SessionBrokerTunnelUrlVmw, SessionBrokerRemoteIpVmw, SessionBrokerUserVmw, SessionBrokerDomainVmw, SessionClientTimezoneVmw, SessionClientIdVmw, SessionTypeVmw, SessionBrokerType, SessionFgAppId, SessionFgAppVersion, SessionFgProcessName, SessionFgProcessId, SessionFgAppUILatencyUs, SessionClientHwIdCtx

Software Update

Source type:
uberAgent:Application:SoftwareUpdateInventory
Field list:
Guid, DisplayName, ProductName, State, InstallDate

uberAgent Licensing

Source type:
uberAgent:License:LicenseInfo
Field list:
LicensingState, LicenseId, LicenseCountTotal, LicensingModel, LicensingModelDetail, LicensingType, MaintenanceEnd, Expiration, LicensedComponents, ProductVersion

User Logoff

Source type:
uberAgent:Logoff:GroupPolicyLogoffScriptTimeMs
Field list:
SessionGUID, SessionID, User, GroupPolicyLogoffScriptTimeMs
Source type:
uberAgent:Logoff:LogoffPerformance
Field list:
SessionGUID, SessionID, User, ProcessStartCount, IOCountRead, IOCountWrite, IOMBRead, IOMBWrite, IOLatencyReadMs, IOLatencyWriteMs
Source type:
uberAgent:Process:LogoffProcesses
Field list:
ProcName, ProcID, ProcParentName, ProcParentID, ProcUser, AppId, AppVersion, LogoffProcType, ProcStartTimeRelativeMs, ProcLifetimeMs, ProcCmdline, ProcPath, ProcIOReadCount, ProcIOWriteCount, ProcIOReadMB, ProcIOWriteMB, ProcIOLatencyReadMs, ProcIOLatencyWriteMs, ProcNetKBPS, SessionGUID, SessionID, TotalLogoffDurationMs, SortOrder
Source type:
uberAgent:Logoff:ProfileUnloadTimeMs
Field list:
SessionGUID, SessionID, User, ProfileUnloadTimeMs
Source type:
uberAgent:Logoff:SessionLogoffTime
Field list:
SessionGUID, SessionID, User, SessionLogoffTime
Source type:
uberAgent:Logoff:TotalLogoffTimeMs
Field list:
SessionGUID, SessionID, User, TotalLogoffTimeMs

User Logon

Source type:
uberAgent:Logon:ADLogonScriptTimeMs
Field list:
SessionGUID, SessionID, User, ADLogonScriptTimeMs
Source type:
uberAgent:Logon:GroupPolicyProcessingTimes
Field list:
SessionGUID, SessionID, User, GroupPolicyTotalProcessingTimeMs, DcDiscoveryTimeMs, LoopbackMode
Source type:
uberAgent:Logon:GroupPolicyCSEDetail
Field list:
SessionGUID, SessionID, User, CseName, CseDurationS, CseGPONames, CseReturnCode
Source type:
uberAgent:Logon:GroupPolicyLogonScriptTimeMs
Field list:
SessionGUID, SessionID, User, GroupPolicyLogonScriptTimeMs
Source type:
uberAgent:Logon:LogonPerformance
Field list:
ProcessStartCount, IOCountRead, IOCountWrite, IOMBRead, IOMBWrite, IOLatencyReadMs, IOLatencyWriteMs
Source type:
uberAgent:Process:LogonProcesses
Field list:
ProcName, ProcID, ProcParentName, ProcParentID, ProcUser, AppId, AppVersion, LogonProcType, ProcStartTimeRelativeMs, ProcLifetimeMs, ProcCmdline, ProcPath, ProcCPUTimeMs, ProcIOReadCount, ProcIOWriteCount, ProcIOReadMB, ProcIOWriteMB, ProcIOLatencyReadMs, ProcIOLatencyWriteMs, ProcWorkingSetMB, ProcNetKBPS, SessionGUID, SessionID, TotalLogonDurationMs, SortOrder
Source type:
uberAgent:Logon:ProfileLoadTimeMs
Field list:
SessionGUID, SessionID, User, CitrixPMLoadTimeMs, ProfileLoadTimeMs
Source type:
uberAgent:Logon:SessionEnd
Field list:
SessionGUID, SessionID, User, SessionEndTime, SessionDurationMs
Source type:
uberAgent:Logon:ResWmProcessingTimeMs
Field list:
SessionGUID, SessionID, User, ResWmProcessingTimeMs
Source type:
uberAgent:Logon:SessionLogonTime
Field list:
SessionGUID, SessionID, User, SessionLogonTime, PreLogonInitTimeMs, SiteName, LogonServer
Source type:
uberAgent:Logon:ShellStartupTimeMs
Field list:
SessionGUID, SessionID, User, ShellStartupTimeMs
Source type:
uberAgent:Logon:TotalLogonTimeMs
Field list:
SessionGUID, SessionID, User, TotalLogonTimeMs

Questions?

Do you have questions that were not answered here? Please ask us, we are happy to help!