uberAgent

User Logon Metrics

Logon Detail

uberAgent collects various details about logons like profile load time, Group Policy processing time as well as process performance.

Notes:

  • Field: AppVersion - uberAgent has an internal filter to minimize data volume by suppressing version information for system processes and system services. As a result, the AppVersion field is typically empty for most system processes and services.

Details

  • Source type: uberAgent:Logon:LogonDetail
  • Used in dashboards: Session Info: Citrix, Session Info: VMware, User Logon Duration, User Logon Duration - Group Policy, User Session Overview, User Sessions, Single Machine Detail, Single Logon, Single User Detail
  • Enabled through configuration setting: LogonDetail
  • Related configuration settings: n/a
  • Supported platform: Windows

List of Fields in the Raw Agent Data

Field Description Data type Unit Measurement type Example
SessionGUID Unique identifier that is generated by uberAgent when the session is created. Valid for this session only. String   Snapshot 00000002-f295-9109-e7c7-c964011dd401
SessionID Unique identifier that is generated by the machine when the session is created. Will be reassigned to other sessions after logoff. Number   Snapshot 3
User User name. String   Snapshot Domain\JohnDoe
SessionLogonTime Time when the user logon started. String   Snapshot 2018-07-23 08:50:14
SiteName Active Directory site name. String   Snapshot Default-First-Site-Name
LogonServer Authenticating Active Directory domain controller. String   Snapshot DC1
ProfileLoadTimeMs User profile loading time - Microsoft user profile service. Number ms Sum 40000
CitrixPMLoadTimeMs User profile loading time - Citrix Profile Management. Number ms Sum 40000
GroupPolicyTotalProcessingTimeMs Total Group Policy processing time. Number ms Sum 250
DcDiscoveryTimeMs Domain controller discovery time Number ms Sum 10
LoopbackMode Group Policy loopback mode. Possible values: replace, merge, no loopback. String   Snapshot replace
ADLogonScriptTimeMs Active Directory logon script processing time. Number ms Sum 358
GroupPolicyLogonScriptTimeMs Group Policy logon script processing time. Number ms Sum 358
ResWmProcessingTimeMs RES ONE Workspace shell startup time. Number ms Sum 358
ShellStartupTimeMs Shell startup time. Typically Windows Explorer. Number ms Sum 358
TotalLogonTimeMs Total logon duration is defined as the time from the actual logon until the shell is fully initialized. Number ms Sum 40000
ProcessStartCount Number of processes started. Number   Count 8
IOCountRead Count of read I/O operations. Number   Count 100
IOCountWrite Count of write I/O operations. Number   Count 100
IOMBRead Amount of read I/O operation data volume. Number MB Sum 50
IOMBWrite Amount of write I/O operation data volume. Number MB Sum 50
IOLatencyReadMs I/O read operation duration divided by count of read I/O operations. Number ms Average 358

Group Policy CSE Detail

uberAgent collects detailed information about Client-Side-Extensions (CSEs) like name, duration, and return code.

Details

  • Source type: uberAgent:Logon:GroupPolicyCSEDetail2
  • Used in dashboards: Session Info: Citrix, Session Info: VMware, User Logon Duration, User Logon Duration - Group Policy, User Session Overview, User Sessions, Single Machine Detail, Single Logon, Single User Detail
  • Enabled through configuration setting: LogonDetail
  • Related configuration settings: n/a
  • Supported platform: Windows

List of Fields in the Raw Agent Data

Field Description Data type Unit Measurement type Example
SessionGUID Unique identifier that is generated by uberAgent when the session is created. Valid for this session only. String   Snapshot 00000002-f295-9109-e7c7-c964011dd401
SessionID Unique identifier that is generated by the machine when the session is created. Will be reassigned to other sessions after logoff. Number   Snapshot 3
User User name. String   Snapshot Domain\JohnDoe
CseName Client-side extension name. String   Snapshot Citrix Group Policy
CseDurationS Client-side extension processing time. Number s Sum 5.40
CseGPONames Group Policy where client-side extension is configured. String   Snapshot Default Domain Policy
CseReturnCode Client-side extension processing return code. Everything except 0 is bad. Number   Snapshot 0

Logon Processes

Detailed performance data about all processes active during user logon like process start time and lifetime duration, commandline, executable path, and CPU footprint.

Details

  • Source type: uberAgent:Process:LogonProcesses
  • Used in dashboards: Single Logon
  • Related configuration settings: n/a
  • Supported platform: Windows

List of Fields in the Raw Agent Data

Field Description Data type Unit Measurement type Example
ProcName Process name. String   Snapshot chrome.exe
ProcID Process ID. Number   Snapshot 456
ProcParentName Parent process name. String   Snapshot PowerShell.exe
ProcParentID Parent process ID. Number   Snapshot 789
ProcUser User who ran the process. String   Snapshot Domain\JohnDoe
AppId Associated application ID. Used by uberAgent to lookup application names and populate field AppName. String   Snapshot GglChrm
AppVersion Associated application version. String   Snapshot 67.0.3396.99
LogonProcType uberAgent groups processes running during logon into types. Possible values: Other,Userinit,AppSetup,Active Setup,AD logon script,GP logon script,Shell,RES Workspace Manager shell,RES Workspace Manager shell child,GP software installation,Run once,Initial program, User profile,Group Policy,Session setup,First logon animation. String   Snapshot GP logon script
ProcStartTimeRelativeMs Process relative start time. Number ms Snapshot 16764
ProcLifetimeMs Process lifetime. Number ms Sum 73615
ProcCmdline Process command line. String   Snapshot C:\Program Files (x86)\Google\Chrome\Application\chrome.exe –url http://vastlimits.com
ProcPath Process path. String   Snapshot C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
ProcCPUTimeMs Process consumed CPU time. Number ms Sum 11859
ProcIOReadCount Process I/O operation read count. Number   Count 2000
ProcIOWriteCount Process I/O operation write count. Number   Count 990
ProcIOReadMB Process I/O operation read data volume. Number MB Sum 100.05
ProcIOWriteMB Process I/O operation write data volume. Number MB Sum 16.06
ProcIOLatencyReadMs2 Process I/O operation read latency. Number ms Average 300
ProcIOLatencyWriteMs2 Process I/O operation write latency. Number ms Average 300
ProcWorkingSetMB Process consumed RAM. Number MB Snapshot 500.06
ProcNetKBPS Process generated network traffic. Number KB Sum 19.18
SessionGUID Unique identifier that is generated by uberAgent when the session is created. Valid for this session only. String   Snapshot 00000002-f295-9109-e7c7-c964011dd401
SessionID Unique identifier that is generated by the machine when the session is created. Will be reassigned to other sessions after logoff. Number   Snapshot 3
TotalLogonDurationMs Total logon duration. Number ms Sum 40000
SortOrder2 Sort order number to sort the table Logon process performance_on the _Single Logon dashboard correctly. Number   Snapshot 29

List of Calculated Fields

Field Description Data type Unit Measurement type Where available Example
AppName Associated application name. String   Snapshot Splunk data model, Splunk SPL Google Chrome
SortOrder Sort order number to sort the table Boot process performance on the Single Boot dashboard correctly. Number   Snapshot Splunk data model 1
User Logon Metrics