uberAgent https://uberagent.com Windows, Citrix & VMware monitoring on Splunk Thu, 11 Oct 2018 21:15:39 +0000 en-US hourly 1 uberAgent Log Syntax Highlighter for Notepad++ https://uberagent.com/blog/uberagent-log-syntax-highlighter-for-notepad/ Thu, 11 Oct 2018 21:00:58 +0000 https://uberagent.com/?p=6790 We put a lot of effort into making uberAgent a product that just works. Install it on your endpoints, point it to your Splunk backend and the dashboards immediately populate with these great metrics. That is just the way any (enterprise) software should work. Sometimes, however, you might get to a point where you want...

The post uberAgent Log Syntax Highlighter for Notepad++ appeared first on uberAgent.

]]>
We put a lot of effort into making uberAgent a product that just works. Install it on your endpoints, point it to your Splunk backend and the dashboards immediately populate with these great metrics. That is just the way any (enterprise) software should work.

Sometimes, however, you might get to a point where you want to dig deeper and need more information about the product’s inner workings. In such a case, of course, uberAgent’s log file is your first stop.

uberAgent’s Log File Explained

uberAgent logs all of its actions and a great number of relevant system events (e.g., process starts, or logons). That gives you the opportunity to easily identify the root causes of problems (side note: those are most often caused by configuration issues that are typically very easy to spot in the log file).

To turn detailed logging on make sure you have the following option in uberAgent’s configuration (it is on by default):

[Miscellaneous]
debugMode = true

Log entries always have the same structure, explained in the following table:

Timestamp Severity Domain Machine Thread ID Source Message
Timestamp in the machine’s time zone Possible entries:
DEBUG, INFO, WARN, ERROR
The computer’s Active Directory domain The name of the computer account The ID of the thread that logged the message Message source. For example LicenseCheck or ReceiverStatistics Actual message to be logged

Here is an example:

2018-10-04 11:19:51.076 +0100,INFO ,VASTLIMITS,PC1$,4432,ReceiverStatistics,Splunk; localhost:19500 - Events in queue: 11961, queue size: 3073.1 KB, sent: 0, added to queue: 361, rejected from queue: 0

Timestamp = 2018-10-04 11:19:51.076 +0100
Severity  = INFO
Domain    = VASTLIMITS
Machine   = PC1
Thread ID = 4432
Source    = ReceiverStatistics
Message   = Splunk; localhost:19500 - Events in queue: 11961, queue size: 3073.1 KB, sent: 0, added to queue: 361, rejected from queue: 0

Finding The Cause More Easily

Even though we take great care to optimize the log for readability it is sometimes hard to find the needle in the haystack. That is why we created an uberAgent log syntax highlighter for Notepad++, our preferred text editor on Windows. It highlights the key information, making it easier to find what you are searching for.

Installing The Highlighter

  1. Download the highlighter and unpack it.
  2. Open Notepad++ and go to Language -> Define your language…
  3. Click on Import… and select the unpacked XML file.
  4. Restart Notepad++
  5. The uberAgent Log Syntax highlighter is now available as a language in Notepad++

Using The Highlighter

The new language does the following things:

  • It highlights the different severities in different colors
    • DEBUG = blue
    • INFO = green
    • WARNING = yellow
    • ERROR = red
  • It colors the separators comma and equal in grey
  • It highlights values enclosed in <> in red-brown

This should make troubleshooting with uberAgent’s log file a lot more convenient. Enjoy!

The post uberAgent Log Syntax Highlighter for Notepad++ appeared first on uberAgent.

]]>
uberAgent 5.1: Browser Performance & Usage for Internet Explorer, Too https://uberagent.com/blog/uberagent-5-1-browser-performance-web-app-usage-chrome-internet-explorer/ Wed, 12 Sep 2018 20:41:28 +0000 https://uberagent.com/?p=6183 We are happy to announce the newest version of our user experience and application performance monitoring product. uberAgent 5.1 brings new features and improvements for any kind of device. For a full list of all improvements and bugfixes please consult the changelog. As always, upgrading is highly recommended (instructions). Web App Metrics From Internet Explorer With...

The post uberAgent 5.1: Browser Performance & Usage for Internet Explorer, Too appeared first on uberAgent.

]]>
We are happy to announce the newest version of our user experience and application performance monitoring product. uberAgent 5.1 brings new features and improvements for any kind of device.

For a full list of all improvements and bugfixes please consult the changelog. As always, upgrading is highly recommended (instructions).

Web App Metrics From Internet Explorer

With version 5.0, we added functionalities to collect detailed information for page loads and background data transfers. Exactly what you need to analyze the performance of SaaS and web apps.

Our customers loved this feature! We started with support for Chrome and are now extending this to Internet Explorer, still one of the most used browsers in enterprises (support for Firefox and Edge to follow). The functionality requires a browser extension to be installed.

URL Blacklists and Whitelists

In addition to bringing web app monitoring to IE, we also added the ability to blacklist and whitelist URLs. uberAgent can track performance and usage metrics for any site, but sometimes that is too much. The new blacklisting and whitelisting capabilities let you specify exactly which websites you are interested in.

Web App Usage

uberAgent’s application usage metering feature helps a lot with resource planning, license compliance, and sizing. As more and more traditional Windows applications are replaced by SaaS and web apps, accessed from a browser, there is a need for similar visibility for web apps. We are more than happy to introduce just that in our newest version!

uberAgent has had application reporting capabilities for a long time. These show at which time or day applications are being used, how often and by which groups of users. When it comes to browsers, however, more insight is needed. Browsers may have dozens of concurrent tabs, each running a different web app. Knowing which tabs are used how often can be quite important for the business. Whenever a browser window is in the foreground, uberAgent determines the URL of the active tab. Combined with the other web app metrics this gives you perfect visibility of SaaS and website usage.

Other Improvements

Filtering

Filtering uberAgent’s Splunk dashboards is very useful to focus on a specific machine or user. uberAgent 5.1 introduces more flexible filtering by supplying appropriate search operators depending on the chosen filter field. uberAgent now offers the operators <, <=, =, >=, > for number fields, is and isNot for IP addresses and in and isNot for strings. Using in rather than is for strings enables you to search for multiple expressions, separated by commas.

An example:

filter username is "Dominik"

only searches for the user Dominik, while

filter username in (Dominik, Timm)

searches for the users Dominik and Timm.

Configuration file enhancements

We have implemented support for environment variables and regular expressions in all applicable configuration file sections allowing you to make more advanced configuration adjustments.

About uberAgent

uberAgent is a Windows user experience analytics and application performance monitoring product. Its highlights include detailed information about boot and logon duration (showing why and when boots/logons are slow), application unresponsiveness detection, network reliability drilldowns, process startup duration, application usage metering, browser performance per website and remoting protocol insights.

About vast limits

vast limits GmbH is the company behind uberAgent, the innovative user experience and application performance monitoring product. Our customer list includes organizations from industries like finance, healthcare, professional services and education, ranging from medium-sized businesses to global enterprises. vast limits’ network of qualified solution partners ensures best-in-class service and support anywhere in the world.

Our founder, Helge Klein, is an experienced consultant and developer who architected the user profile management product whose successor is now available as Citrix Profile Management. In 2009 Helge received the Citrix Technology Professional (CTP) award, in 2011 he was nominated a Microsoft Most Valuable Professional (MVP), in 2014 he was a Splunk Revolution Award Winner, in 2015 he became a VMware vExpert. Helge frequently presents at conferences and user group events.

The post uberAgent 5.1: Browser Performance & Usage for Internet Explorer, Too appeared first on uberAgent.

]]>
Furthering Education, the Problem Solver #1 https://uberagent.com/blog/furthering-education-the-problem-solver-1/ Wed, 05 Sep 2018 18:59:33 +0000 https://uberagent.com/?p=5067 We believe in education. We believe that learning and knowledge make people more tolerant, more objective, and more understanding. In other words: we believe that education not only makes the world a better place but in the long term is the most effective way to achieve that goal. This belief is reflected in our company...

The post Furthering Education, the Problem Solver #1 appeared first on uberAgent.

]]>
We believe in education. We believe that learning and knowledge make people more tolerant, more objective, and more understanding. In other words: we believe that education not only makes the world a better place but in the long term is the most effective way to achieve that goal.

This belief is reflected in our company motto, coined by Mark Twain:

Education: that which reveals to the wise, and conceals from the stupid, the vast limits of their knowledge.

Why Education?

A good education stimulates a child’s natural curiosity, the desire to learn and to discover the world. It enables us to reach our full potential, to challenge traditional viewpoints while at the same time better understanding them. In short: education makes us better humans – humans that strive to make the world a better place. Educated people have the means to do so. They have the necessary understanding of how the world works that is required to implement much-needed changes.

Education is the key to solving almost all of today’s pressing problems, including, but not limited to: climate change, poverty, diseases, inequality, nationalism, fundamentalism, and so on. There is simply no way around education. It is the only solution that works long-term.

How vast limits Helps

vast limits is dedicated to making the world a better place – in many different ways. As a company, we are offering uberAgent, a product that helps organizations improve the user experience of their IT systems. As employees, we enjoy a work culture based on individual freedom and mutual respect. As human beings, we donate to charity organizations whose purpose is the furthering of education.

In 2018 we will be donating significant amounts to the following charities:

Bampangi Ya Mono

Bampangi ya mono (“my brothers”) builds schools, wells, and community centers in the Democratic Republic of the Congo.

burundikids

burundikids aims to give kids in Burundi a chance at a worthwhile future.

Clave de Sol

Clave de Sol (“treble clef”) supports children in the Brazilian favela Sao Marcos, near Ittapecarica da Serra.

VIA / Actuar por Bolívar

Actuar por Bolívar supports family-owned businesses in Colombia with micro-credits and know-how.

SOS Children’s Villages

SOS Children’s Villages works to protect and care for children who have lost parental care, or who stand at risk of losing it – worldwide.

The post Furthering Education, the Problem Solver #1 appeared first on uberAgent.

]]>
Webinar: Deep-Dive Into Web App UX Monitoring https://uberagent.com/blog/webinar-deep-dive-into-web-app-ux-monitoring/ https://uberagent.com/blog/webinar-deep-dive-into-web-app-ux-monitoring/#comments Thu, 23 Aug 2018 14:21:04 +0000 https://uberagent.com/?p=6135 uberAgent is one of the very few tools available that provide visibility into the user experience and performance of web-based SaaS applications. Helge Klein, Citrix CTP, ex Microsoft MVP & VMware vExpert will be explaining how that works and why you need it in an upcoming webinar hosted by xenappblog.com: deep-dive into web app UX...

The post Webinar: Deep-Dive Into Web App UX Monitoring appeared first on uberAgent.

]]>
uberAgent is one of the very few tools available that provide visibility into the user experience and performance of web-based SaaS applications. Helge Klein, Citrix CTP, ex Microsoft MVP & VMware vExpert will be explaining how that works and why you need it in an upcoming webinar hosted by xenappblog.com: deep-dive into web app UX monitoring with uberAgent.

  • Application usage: do you know which SaaS apps your users spend most of their time in?
  • Performance: are your browser-based apps loading fast enough?
  • Troubleshooting: can you pinpoint web app responsiveness problems?

In this deep-dive session, you will learn how to answer all of the above with uberAgent. Register now!

The post Webinar: Deep-Dive Into Web App UX Monitoring appeared first on uberAgent.

]]>
https://uberagent.com/blog/webinar-deep-dive-into-web-app-ux-monitoring/feed/ 2
Using uberAgent With Splunk Free Successfully https://uberagent.com/blog/using-uberagent-with-splunk-free-successfully/ Tue, 17 Jul 2018 11:50:03 +0000 https://uberagent.com/?p=5199 Splunk Enterprise and uberAgent is a winning combination to get visibility in end-user experience. However, for your lab or demo environment, Splunk Enterprise might be a little bit oversized. Gladly, we have Splunk Free as an alternative which gives you 500 MB indexing volume per day at no charge. Sadly, there is one feature which...

The post Using uberAgent With Splunk Free Successfully appeared first on uberAgent.

]]>
Splunk Enterprise and uberAgent is a winning combination to get visibility in end-user experience. However, for your lab or demo environment, Splunk Enterprise might be a little bit oversized. Gladly, we have Splunk Free as an alternative which gives you 500 MB indexing volume per day at no charge. Sadly, there is one feature which Splunk Free lacks: saved searches. Find out how to dodge the limitation in this article.

The problem

uberAgent relies on Splunk lookup tables, to enrich parts of its data. In Splunk Enterprise, these lookup tables are generated by saved searches, stored in uberAgent’s savedsearches.conf. Unfortunately, Splunk Free does not support saved searches. We already have a KB article online that explains how to run the searches manually to prevent empty or faulty dashboards.

uberAgent’s “Application Startup” dashboard without saved searches on Splunk Free

The solution

Doing things manually is always a bad idea. It is time-consuming and error-prone. Hence I automated it with a scheduled task, PowerShell, and Splunk’s REST API. The script gets executed by a scheduled task on a specified interval and then runs the needed searches via Splunk’s REST APIs against your Splunk Free server.

The PowerShell script accepts two parameters.

  1. Server to configure the Splunk server. The default is localhost.
  2. Earliest to configure the time range. The default is last seven days.
<# 
.SYNOPSIS 
Run searches against Splunk Free REST API to create lookup tables required by uberAgent 
.PARAMETER Server
Splunk server. Default is localhost. 
.PARAMETER Earliest
Time range. Default is last seven days.
.EXAMPLE .\Invoke-uberAgentSearches.ps1
Invokes uberAgent searches against the server localhost for the time range of seven days.
.EXAMPLE .\Invoke-uberAgentSearches.ps1 -Server 'MySplunkServer' -Earliest '-1d'
Invokes uberAgent searches against the server MySplunkServer for the time range of one day.
.NOTES
Script: Invoke-uberAgentSearches.ps1
Author: Dominik Britz, vast limits GmbH 
uberagent.com
#>

#region parameters

Param
(
    # Splunk server. Default is localhost.
    [Parameter(Mandatory=$false)]
    [ValidateNotNullOrEmpty()]
    [string]$Server = 'localhost',

    # Time range. Default is last seven days.
    [Parameter(Mandatory=$false)]
    [ValidateNotNullOrEmpty()]
    [string]$Earliest = '-7d'
)

#endregion

#region variables

[string]$Uri = "http://${Server}:8089/services/search/jobs/export"

#endregion

#region main

[array]$Searches = @(
    'search index=`uberAgent_index` sourcetype=uberAgent:Application:AppNameIdMapping AppId=* AppName=* | stats latest(_time) as _time mode(AppName) as AppName by AppId | inputlookup append=t lookup_appnameidmapping | stats latest(_time) as _time latest(AppName) as AppName by AppId | eval TimeDelta=now()-_time | search TimeDelta<31536000 | fields AppName AppId _time | outputlookup lookup_appnameidmapping'
    'search index=`uberAgent_index` (sourcetype=uberAgent:System:MachineInventory OR sourcetype=uberAgent:System:NetworkConfigInformation) OsVersion=* | stats latest(_time) as _time latest(OsVersion) as OsVersion latest(OsBuild) as OsBuild latest(OsType) as OsType latest(AdDomainDns) as AdDomainDns latest(AdSite) as AdSite latest(AdOu) as AdOu latest(CtxFarmName) as CtxFarmName latest(CtxMachineCatalogName) as CtxMachineCatalogName latest(CtxDeliveryGroupName) as CtxDeliveryGroupName latest(HwManufacturer) as HwManufacturer latest(HwModel) as HwModel values(NetworkConfigIPv4) as NetworkConfigIPv4 by host | inputlookup append=t lookup_hostinfo | fields - Ipv4Address | stats latest(_time) as _time latest(OsVersion) as OsVersion latest(OsBuild) as OsBuild latest(OsType) as OsType latest(AdDomainDns) as AdDomainDns latest(AdSite) as AdSite latest(AdOu) as AdOu latest(CtxFarmName) as CtxFarmName latest(CtxMachineCatalogName) as CtxMachineCatalogName latest(CtxDeliveryGroupName) as CtxDeliveryGroupName latest(HwManufacturer) as HwManufacturer latest(HwModel) as HwModel values(NetworkConfigIPv4) as Ipv4Address by host | eval TimeDelta=now()-_time | search TimeDelta<31536000 | fields host OsVersion OsBuild OsType AdDomainDns AdSite AdOu CtxFarmName CtxMachineCatalogName CtxDeliveryGroupName HwManufacturer HwModel Ipv4Address _time | outputlookup lookup_hostinfo'
    'search index=`uberAgent_index` sourcetype=uberAgent:System:MachineInventory RAMSizeGB=* | stats latest(_time) as _time latest(RAMSizeGB) as RAMSizeGB latest(IsBatteryPresent) as IsBatteryPresent latest(CPUName) as CPUName latest(CPUSockets) as CPUSockets latest(CPUCoresPhysical) as CPUCoresPhysical latest(CPUCoresLogical) as CPUCoresLogical latest(CPUMaxMhz) as CPUMaxMhz latest(HwIsVirtualMachine) as HwIsVirtualMachine latest(OsUpdateBuildRevision) as OsUpdateBuildRevision by host | inputlookup append=t lookup_hostinfo2 | stats latest(_time) as _time latest(RAMSizeGB) as RAMSizeGB latest(IsBatteryPresent) as IsBatteryPresent latest(CPUName) as CPUName latest(CPUSockets) as CPUSockets latest(CPUCoresPhysical) as CPUCoresPhysical latest(CPUCoresLogical) as CPUCoresLogical latest(CPUMaxMhz) as CPUMaxMhz latest(HwIsVirtualMachine) as HwIsVirtualMachine latest(OsUpdateBuildRevision) as OsUpdateBuildRevision by host | eval TimeDelta=now()-_time | search TimeDelta<31536000 | fields host RAMSizeGB IsBatteryPresent CPUName CPUSockets CPUCoresPhysical CPUCoresLogical CPUMaxMhz HwIsVirtualMachine OsUpdateBuildRevision _time | outputlookup lookup_hostinfo2'
    '| pivot uberAgent Process_ProcessStartup latest(_time) as LastSeen splitrow ProcName | eval ProcName = lower (ProcName) | inputlookup append=t lookup_processstartup_processlist | stats first(LastSeen) as LastSeen by ProcName | eval LastSeen = round (strptime (LastSeen, "%Y-%m-%dT%H:%M:%S.%Q%z"), 0) | eval TimeDelta=now()-LastSeen | search TimeDelta<31536000 | fields ProcName LastSeen | outputlookup lookup_processstartup_processlist'
    '| pivot uberAgent Process_NetworkTargetPerformance latest(_time) as LastSeen splitrow NetTargetRemoteNameAddress | eval ProcName = lower (NetTargetRemoteNameAddress) | inputlookup append=t lookup_networktargetperformance_targetlist | stats first(LastSeen) as LastSeen by NetTargetRemoteNameAddress | eval LastSeen = round (strptime (LastSeen, "%Y-%m-%dT%H:%M:%S.%Q%z"), 0) | eval TimeDelta=now()-LastSeen | search TimeDelta<31536000 | fields NetTargetRemoteNameAddress LastSeen | outputlookup lookup_networktargetperformance_targetlist'
)

Foreach ($Search in $Searches)
{
    $Body = @{
        search = $Search
        output_mode = 'json'
        earliest = $Earliest
    } 
    Try
    {
        Invoke-RestMethod -Method Post -Uri $Uri -Body $Body
    }
    Catch 
    {
        Write-Error -Message $_
    }
}

#endregion

Please note, the included searches are for uberAgent 5.0.1. They might change in the future, hence always check our KB article first!

Save this script somewhere. Then create and configure the scheduled task. Of course, you can use PowerShell for this. Just customize the variables in the following script to your needs and run it. I decided to run the task weekly on Sunday at 10:00 PM on my Splunk Free server. This aligns perfectly with the Invoke-uberAgentSearches.ps1 scripts’ default time range for the last seven days.

#Requires -RunAsAdministrator
$ScriptPath = 'C:\Scripts\Invoke-uberAgentSearches.ps1'
$WeekDay = 'Sunday'
$Time = '10:00PM'
$TaskName = 'Invoke uberAgent searches'

Try
{
   $Action = New-ScheduledTaskAction -Execute 'PowerShell.exe' -Argument "-NoProfile -WindowStyle Hidden -File `"$ScriptPath`""
   $Trigger = New-ScheduledTaskTrigger -Weekly -DaysOfWeek $WeekDay -At $Time

   Register-ScheduledTask -Action $Action -Trigger $Trigger -TaskName $TaskName -User 'SYSTEM'
}
Catch
{
   Write-Error -Message $_
}

Hint: if your Splunk Free server does not have a valid SSL certificate installed, do not forget to allow communication via http.

Your benefit

The result is an always ready for the job Splunk Free environment for your lab. By the way, this aligns perfectly with our free one-year community edition!

uberAgent’s “Application Startup” dashboard with saved searches on Splunk Free

The post Using uberAgent With Splunk Free Successfully appeared first on uberAgent.

]]>
Announcing Free Community Licenses https://uberagent.com/blog/announcing-free-community-licenses/ Fri, 08 Jun 2018 15:39:43 +0000 https://uberagent.com/?p=4562 We are committed to supporting the IT community. We sponsor user groups and encourage our employees to engage, which they do enthusiastically by blogging, speaking at conferences and even organizing local meetups. Now we are adding something else entirely: free licenses. Free Community Licenses Starting immediately, we are offering free community licenses for up to...

The post Announcing Free Community Licenses appeared first on uberAgent.

]]>
We are committed to supporting the IT community. We sponsor user groups and encourage our employees to engage, which they do enthusiastically by blogging, speaking at conferences and even organizing local meetups. Now we are adding something else entirely: free licenses.

Free Community Licenses

Starting immediately, we are offering free community licenses for up to 100 users.

Where’s the catch? There is none! This offer is not limited in any way, and it is open to everybody, both individuals, and organizations.

Please understand that it’s not allowed to use the free community license in combination with commercial licenses.

How Does It Work?

The process is quite simple:

  • Community licenses are one-year term licenses for up to 100 users
  • There is no limit on consecutive terms. After year one you can get a second year’s license, and so on.
  • To request your free community license fill out the license request form

That’s it. Enjoy!

The post Announcing Free Community Licenses appeared first on uberAgent.

]]>
uberAgent Masterclass at E2EVC Amsterdam https://uberagent.com/blog/uberagent-masterclass-at-e2evc-amsterdam/ Thu, 31 May 2018 22:50:57 +0000 https://uberagent.com/?p=4611 We will be hosting an uberAgent masterclass at the E2EVC community conference in Amsterdam next week. E2EVC is the perfect place to learn from and network with your fellow end-user computing geek. The amount of brainpower that comes together for E2EVC several times a year in Europe, the USA, Asia and/or Africa is staggering. What...

The post uberAgent Masterclass at E2EVC Amsterdam appeared first on uberAgent.

]]>
We will be hosting an uberAgent masterclass at the E2EVC community conference in Amsterdam next week. E2EVC is the perfect place to learn from and network with your fellow end-user computing geek. The amount of brainpower that comes together for E2EVC several times a year in Europe, the USA, Asia and/or Africa is staggering. What better place for a deep-dive technical uberAgent training?

Masterclass Agenda

We have content for anybody with a solid background in end-user computing. If you are new to uberAgent you will get a thorough technical architecture overview. If you are already experienced in the product you should enjoy the deep-dives. Along the way, we want to hear about your monitoring requirements. And, as always, we are very open to feature requirements.

The specific topics to be covered are subject to change depending on the attendees’ interests. Following are some of the areas we hope to cover:

  • Architecture overview
  • Architecture deep-dive
    • How we collect user data
    • How we collect browser performance data
    • How we collect Citrix site data
    • Multi-tenancy
    • Username encryption
  • Installation
  • Configuration
  • Adding custom metrics
    • Performance counters
    • Custom scripts
  • Logging
  • Dashboards
    • uberAgent’s Splunk data model
    • Custom dashboards
    • Custom lookups

Registration

No registration necessary. Just make sure you are registered for E2EVC and show up for the masterclass at 10:00 am on Saturday.

See you soon!

The post uberAgent Masterclass at E2EVC Amsterdam appeared first on uberAgent.

]]>
Monitoring User Profile Sizes With uberAgent https://uberagent.com/blog/monitor-user-profile-sizes-with-uberagent/ Tue, 29 May 2018 13:20:38 +0000 https://uberagent.com/?p=4513 The size of user profiles is critical for logon performance, especially in SBC and VDI environments. Bloated profiles lead to slow logons and therefore unhappy users. Here is how to stay on track with your users’ profile sizes with uberAgent’s powerful script execution engine and Splunk. If you are new to uberAgent’s script execution engine...

The post Monitoring User Profile Sizes With uberAgent appeared first on uberAgent.

]]>
The size of user profiles is critical for logon performance, especially in SBC and VDI environments. Bloated profiles lead to slow logons and therefore unhappy users. Here is how to stay on track with your users’ profile sizes with uberAgent’s powerful script execution engine and Splunk.

If you are new to uberAgent’s script execution engine I recommend reading my colleague’s blog article first. It contains all the information you need to get started.

Monitoring Options and Realisation Methods

You have two options for calculating user profile sizes:

  1. On the local computer and for the current user(s) only
  2. On the file server which hosts a user profile file share for all users

Which option you choose is up to you. We will cover both below.

1. Local Computer

This option is best for fat clients and notebooks, where users typically work with local profiles. The script will be executed by uberAgent on the user’s machine.

I decided to use PowerShell for the job. Below is the script. It gets the profile size and returns the username as well as the size in bytes as a key-value pair.

[Hashtable]$Output = @{}
$ProfileSize = Get-ChildItem -Path $(Join-Path 'C:\Users' $env:USERNAME) -Recurse -Force -ErrorAction SilentlyContinue | Measure-Object -Sum Length
$Output = @{
   'UserName' = $env:USERNAME
   'ProfileSize' = $($ProfileSize.Sum)
}
Write-Output $($Output.Keys.ForEach({"$_=$($Output.$_)"}) -join ' ')

Here is the output for my notebook:

UserName=domin ProfileSize=112288349557

I configured a new timer in the uberAgent configuration, which executes the script every 60 minutes (3600000 milliseconds) in the user’s context. 60 minutes should be sufficient to gather every user at least once per day but also keep the amount of data sent to Splunk small. I also added a start delay of 5 minutes which should be enough to ensure logon profile processing is finished.

############################################
# Timer 10
############################################
[Timer]
Name           = User profile size
Interval       = 3600000
Start delay    = 300000
Script         = powershell.exe -executionpolicy bypass -file "C:\Program Files\vast limits\uberAgent\Scripts\Get-UserProfileSize.ps1"
ScriptContext  = UserSessionAsUser

In addition to local computers, the script can also be used on terminal servers. uberAgent executes it for each user session and thus determines the profile size for each logged on user.

2. User Profile Share

This option is best for SBC and VDI environments, where users often work with roaming profiles stored on a file server. The script needs to be executed on the file server, hence you have to install uberAgent on it. The script will then enumerate all profile directories and return their names and sizes as key-value pairs. You can also use it to monitor the size of redirected user data if you are using folder redirection.

Again, I used PowerShell. The script is a little bit more complex for this option.

PARAM
(
    [Parameter(Mandatory=$true)]
    [ValidateNotNullOrEmpty()]
    [string]$Share
)

[Hashtable]$Output = @{}
Get-ChildItem -Path $Share | ForEach-Object -Process {
    $DirectorySize = Get-ChildItem -Path $PSItem.FullName -Recurse -Force -ErrorAction SilentlyContinue | Measure-Object -Sum Length
    $Output = @{
       'DirectoryName' = $($PSItem.Name)
       'DirectorySize' = $($DirectorySize.Sum)
    }
    Write-Output $($Output.Keys.ForEach({"$_=$($Output.$_)"}) -join ' ')
}

You can find a sample output below. This could easily be extended with further useful information like the directory’s last modified timestamp.

DirectoryName=user01 DirectorySize=112288349557
DirectoryName=user02 DirectorySize=1065937039508
DirectoryName=user03 DirectorySize=956380045

The configuration entry looks slightly different this time. I chose an interval of once per day, start delay is not needed and the script context has to be SYSTEM. Note that the script expects a parameter for the file share.

############################################
# Timer 10
############################################
[Timer]
Name           = User profile sizes
Interval       = 86400000
Script         = powershell.exe -executionpolicy bypass -file "C:\Program Files\vast limits\uberAgent\Scripts\Get-SubdirectorySizes.ps1" -Share "\\fileserver\profileshare"
ScriptContext  = Session0AsSystem

Purify The Data

The Splunk search result for the first option looks as follows:

However, the profile size in bytes is not very user-friendly. With Splunk’s powerful Search Processing Language, we can convert bytes to gigabytes.

index=uberAgent sourcetype="uberagent:script:user profile size" | eval ProfileSizeGB = round(ProfileSize / (1024*1024*1024),2) | table UserName ProfileSizeGB

Conclusion

Determining user profile sizes is another great example of uberAgent’s script execution engine. You are not limited to the dashboards we ship by default but can extend your monitoring solution as you want.

The post Monitoring User Profile Sizes With uberAgent appeared first on uberAgent.

]]>
uberAgent 5.0.1: Splunk 7.1, Data Model Acceleration Auto-Skewing https://uberagent.com/blog/uberagent-5-0-1-splunk-7-1-data-model-acceleration-auto-skewing/ Thu, 03 May 2018 20:45:56 +0000 https://uberagent.com/?p=4283 We are happy to announce the newest version of our user experience and application performance monitoring product. uberAgent 5.0.1 adds support for Splunk 7.1 and brings many other improvements. For a full list of changes, please consult the release notes. As always, upgrading is highly recommended (instructions). Splunk 7.1 uberAgent now fully supports the significant user...

The post uberAgent 5.0.1: Splunk 7.1, Data Model Acceleration Auto-Skewing appeared first on uberAgent.

]]>
We are happy to announce the newest version of our user experience and application performance monitoring product. uberAgent 5.0.1 adds support for Splunk 7.1 and brings many other improvements.

For a full list of changes, please consult the release notes. As always, upgrading is highly recommended (instructions).

Splunk 7.1

uberAgent now fully supports the significant user interface updates Splunk introduced in version 7.1.

Data Model Acceleration Auto-Skewing

This is something we are particularly proud of: “our” first feature suggestion got implemented in Splunk Enterprise.

uberAgent makes extensive use of accelerated data models for greatly enhanced dashboard search speed (for details see the blog posts to Helge’s Splunk .conf 2015 session).

Put simply, when a data model is accelerated, an additional index is built that is populated by searches that run every five minutes. Without the new auto-skewing feature, all data model acceleration searches were scheduled to run at exactly the same time, which would fail due to concurrency limitations. With version 7.1 Splunk learned to distribute the acceleration searches across the available time range. This promises to effectively get rid of skipped searches – and we are very happy to report that it does exactly that!

Auto-skewing is now enabled for uberAgent’s data model. It causes a (harmless) warning message on Splunk versions prior to 7.1 during a restart of Splunkd. To remove that, simply comment out the setting acceleration.allow_skew in datamodels.conf.

About uberAgent

uberAgent is a Windows user experience analytics and application performance monitoring product. Its highlights include detailed information about boot and logon duration (showing why and when boots/logons are slow), application unresponsiveness detection, network reliability drilldowns, process startup duration, application usage metering, browser performance per website and remoting protocol insights.

About vast limits

vast limits GmbH is the company behind uberAgent, the innovative user experience and application performance monitoring product. Our customer list includes organizations from industries like finance, healthcare, professional services and education, ranging from medium-sized businesses to global enterprises. vast limits’ network of qualified solution partners ensures best-in-class service and support anywhere in the world.

Our founder, Helge Klein, is an experienced consultant and developer who architected the user profile management product whose successor is now available as Citrix Profile Management. In 2009 Helge received the Citrix Technology Professional (CTP) award, in 2011 he was nominated a Microsoft Most Valuable Professional (MVP), in 2014 he was a Splunk Revolution Award Winner, in 2015 he became a VMware vExpert. Helge frequently presents at conferences and user group events.

The post uberAgent 5.0.1: Splunk 7.1, Data Model Acceleration Auto-Skewing appeared first on uberAgent.

]]>
Monitoring Windows 10 Update Status https://uberagent.com/blog/monitoring-windows-10-update-state/ Tue, 27 Mar 2018 12:55:56 +0000 https://uberagent.com/?p=3950 Not too long ago it was next to impossible to determine a machine’s exact patch state. That changed with Microsoft’s move to the rollup model. Making patches exclusively available as cumulative monthly bundles enforces a linear update sequence, the current state of which can be represented by a single number, the UBR (update build revision)....

The post Monitoring Windows 10 Update Status appeared first on uberAgent.

]]>
Not too long ago it was next to impossible to determine a machine’s exact patch state. That changed with Microsoft’s move to the rollup model. Making patches exclusively available as cumulative monthly bundles enforces a linear update sequence, the current state of which can be represented by a single number, the UBR (update build revision).

What It Was Like Before the Monthly Rollups

For decades, Microsoft had been releasing patches individually. That offered choice, and – seemingly – stability. When a customer noticed a problem with a specific component, they could install patches for that component only, leaving the rest of the system unchanged – at least in theory.

In practice, there are many interdependencies between services, DLLs and the like. Making a change to one often requires making changes to others, too. Imagine one patch requiring a specific change to a common component like Explorer. Bundling the patch with the updated version of Explorer seems like the obvious solution. Now imagine a second patch requiring a different change to Explorer, so it is also bundled with an updated version, but the Explorer update in patch two is different from the Explorer update in patch one. What happens when customer A installs patch one before patch two, while customer B chooses the reverse order?

These kinds of dependencies are very difficult to resolve. Meaningful testing is next to impossible. In other words: it became unmanageable, things had to change.

When Did Microsoft Switch to the Rollup Model?

The switch from individual updates to cumulative rollups was introduced with the first release of Windows 10 in 2015. Windows 7, 8.1 and their server equivalents followed about 1.5 years later.

The Problem With Cumulative Rollups: Size

Cumulative rollups contain all the necessary bits to update any older version of the same OS. Consequently, cumulative updates grow in size over time. The September update will always be bigger than the August update, whereas the October update will, in turn, be bigger than the September update.

Minimizing the Download

Express Update Delivery

Windows 10 uses a sophisticated mechanism called Express to minimize the download volume. In a nutshell it works as follows:

  1. Windows Update first downloads metadata about an update
  2. Windows Update passes the metadata to Windows Installer
  3. Windows Installer scans the system to determines which parts of the update’s files are already present
  4. Windows Installer requests Windows Update to download the changed byte ranges from the update’s files
  5. Windows Update downloads the ranges and passes them to Windows Installer so it can patch the OS

Express update delivery for quality updates (i.e. patches) is available for Windows 10 clients connected to:

  • System Center Configuration Manager 1702
  • WSUS
  • Windows Update
  • Windows Update for Business

Starting with Windows 10 1709, Express is also being used for feature updates (i.e. new OS versions) for clients connected to:

  • Windows Update
  • Windows Update for Business

Delta Updates

Delta updates are an interim mechanism only available for Windows 10 versions 1607, 1703 and 1709.

Delta updates are not cumulative; they only contain one month’s patches and can only be applied to machines that have the previous month’s update installed.

Update Linearity and UBR

Individual KB downloads are a thing of the past. This is a big step towards reducing fragmentation caused by systems containing a mix of individual updates.

With a linear update sequence, a machine is always at a well-defined point of a number line. The machine’s current position on the line reflects its update status. The corresponding number is called Update Build Revision (UBR). If you know a machine’s OS build and UBR numbers, you can easily look up its patch state on Microsoft’s Windows 10 release information site.

Monitoring the Windows 10 Patch State

uberAgent performs a daily inventory that includes installed updates as well as the operating system’s build & UBR numbers. While the list of updates can be useful for troubleshooting individual machines, the OS build allows for a great overview of the update health of the estate. The screenshot above, taken from the Update Inventory dashboard, shows the OS build distribution over time. It is easy to see how quality updates are being rolled out, replacing the previous version and incrementing the build number.

The post Monitoring Windows 10 Update Status appeared first on uberAgent.

]]>