User Logon Metrics
Logon Detail
uberAgent collects various details about logons like profile load time, Group Policy processing time as well as process performance.
Notes:
- Field AppVersion: uberAgent has an internal filter to minimize data volume by suppressing version information for system processes and system services. As a result, the AppVersion field is typically empty for most system processes and services.
Details
- Source type: uberAgent:Logon:LogonDetail
- Used in dashboards: Session Info: Citrix, Session Info: VMware, User Logon Duration, User Logon Duration - Group Policy, User Session Overview, User Sessions, Single Machine Detail, Single Logon, Single User Detail
- Enabled through configuration setting: LogonDetail
- Related configuration settings: n/a
- Supported platform: Windows
List of Fields in the Raw Agent Data
Field | Description | Data type | Unit | Measurement type | Example |
---|---|---|---|---|---|
SessionGUID | Unique identifier that is generated by uberAgent when the session is created. Valid for this session only. | String | | Snapshot | 00000002-f295-9109-e7c7-c964011dd401 |
SessionID | Unique identifier that is generated by the machine when the session is created. Will be reassigned to other sessions after logoff. | Number | | Snapshot | 3 |
User | User name. | String | | Snapshot | Domain\JohnDoe |
SessionLogonTime | Time when the user logon started. | String | | Snapshot | 2018-07-23 08:50:14 |
SiteName | Active Directory site name. | String | | Snapshot | Default-First-Site-Name |
LogonServer | Authenticating Active Directory domain controller. | String | | Snapshot | DC1 |
ProfileLoadTimeMs | User profile loading time - Microsoft user profile service. | Number | ms | Sum | 40000 |
CitrixPMLoadTimeMs | User profile loading time - Citrix Profile Management. | Number | ms | Sum | 40000 |
GroupPolicyTotalProcessingTimeMs | Total Group Policy processing time. | Number | ms | Sum | 250 |
DcDiscoveryTimeMs | Domain controller discovery time | Number | ms | Sum | 10 |
LoopbackMode | Group Policy loopback mode. Possible values: replace, merge, no loopback. | String | | Snapshot | replace |
ADLogonScriptTimeMs | Active Directory logon script processing time. | Number | ms | Sum | 358 |
GroupPolicyLogonScriptTimeMs | Group Policy logon script processing time. | Number | ms | Sum | 358 |
ResWmProcessingTimeMs | RES ONE Workspace shell startup time. | Number | ms | Sum | 358 |
ShellStartupTimeMs | Shell startup time. Typically Windows Explorer. | Number | ms | Sum | 358 |
TotalLogonTimeMs | Total logon duration is defined as the time from the actual logon until the shell is fully initialized. | Number | ms | Sum | 40000 |
ProcessStartCount | Number of processes started. | Number | | Count | 8 |
IOCountRead | Count of read I/O operations. | Number | | Count | 100 |
IOCountWrite | Count of write I/O operations. | Number | | Count | 100 |
IOMBRead | Amount of read I/O operation data volume. | Number | MB | Sum | 50 |
IOMBWrite | Amount of write I/O operation data volume. | Number | MB | Sum | 50 |
IOLatencyReadMs | I/O read operation duration divided by count of read I/O operations. | Number | ms | Average | 358 |
Group Policy CSE Detail
uberAgent collects detailed information about Client-Side-Extensions (CSEs) like name, duration, and return code.
Details
- Source type: uberAgent:Logon:GroupPolicyCSEDetail2
- Used in dashboards: Session Info: Citrix, Session Info: VMware, User Logon Duration, User Logon Duration - Group Policy, User Session Overview, User Sessions, Single Machine Detail, Single Logon, Single User Detail
- Enabled through configuration setting: LogonDetail
- Related configuration settings: n/a
- Supported platform: Windows
List of Fields in the Raw Agent Data
Field | Description | Data type | Unit | Measurement type | Example |
---|---|---|---|---|---|
SessionGUID | Unique identifier that is generated by uberAgent when the session is created. Valid for this session only. | String | | Snapshot | 00000002-f295-9109-e7c7-c964011dd401 |
SessionID | Unique identifier that is generated by the machine when the session is created. Will be reassigned to other sessions after logoff. | Number | | Snapshot | 3 |
User | User name. | String | | Snapshot | Domain\JohnDoe |
CseName | Client-side extension name. | String | | Snapshot | Citrix Group Policy |
CseDurationS | Client-side extension processing time. | Number | s | Sum | 5.40 |
CseGPONames | Group Policy where client-side extension is configured. | String | | Snapshot | Default Domain Policy |
CseReturnCode | Client-side extension processing return code. Everything except 0 is bad. | Number | | Snapshot | 0 |
Logon Processes
Detailed performance data about all processes active during user logon, such as process start time and lifetime duration, command line, executable path, and CPU footprint.
Details
- Source type: uberAgent:Process:LogonProcesses
- Used in dashboards: Single Logon
- Related configuration settings: n/a
- Supported platform: Windows
List of Fields in the Raw Agent Data
Field | Description | Data type | Unit | Measurement type | Example |
---|---|---|---|---|---|
ProcName | Process name. | String | | Snapshot | chrome.exe |
ProcID | Process ID. | Number | | Snapshot | 456 |
ProcParentName | Parent process name. | String | | Snapshot | PowerShell.exe |
ProcParentID | Parent process ID. | Number | | Snapshot | 789 |
ProcUser | User who ran the process. | String | | Snapshot | Domain\JohnDoe |
AppId | Associated application ID. Used by uberAgent to look up application names and populate the field AppName. | String | | Snapshot | GglChrm |
AppVersion | Associated application version. | String | | Snapshot | 67.0.3396.99 |
LogonProcType | uberAgent groups processes running during logon into types. Possible values: Other, Userinit, AppSetup, Active Setup, AD logon script, GP logon script, Shell, RES Workspace Manager shell, RES Workspace Manager shell child, GP software installation, Run once, Initial program, User profile, Group Policy, Session setup, First logon animation. | String | | Snapshot | GP logon script |
ProcStartTimeRelativeMs | Process relative start time. | Number | ms | Snapshot | 16764 |
ProcLifetimeMs | Process lifetime. | Number | ms | Sum | 73615 |
ProcCmdline | Process command line. | String | | Snapshot | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe –url http://vastlimits.com |
ProcPath | Process path. | String | | Snapshot | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
ProcCPUTimeMs | Process consumed CPU time. | Number | ms | Sum | 11859 |
ProcIOReadCount | Process I/O operation read count. | Number | | Count | 2000 |
ProcIOWriteCount | Process I/O operation write count. | Number | | Count | 990 |
ProcIOReadMB | Process I/O operation read data volume. | Number | MB | Sum | 100.05 |
ProcIOWriteMB | Process I/O operation write data volume. | Number | MB | Sum | 16.06 |
ProcIOLatencyReadMs2 | Process I/O operation read latency. | Number | ms | Average | 300 |
ProcIOLatencyWriteMs2 | Process I/O operation write latency. | Number | ms | Average | 300 |
ProcWorkingSetMB | Process consumed RAM. | Number | MB | Snapshot | 500.06 |
ProcNetKBPS | Process generated network traffic. | Number | KB | Sum | 19.18 |
SessionGUID | Unique identifier that is generated by uberAgent when the session is created. Valid for this session only. | String | | Snapshot | 00000002-f295-9109-e7c7-c964011dd401 |
SessionID | Unique identifier that is generated by the machine when the session is created. Will be reassigned to other sessions after logoff. | Number | | Snapshot | 3 |
TotalLogonDurationMs | Total logon duration. | Number | ms | Sum | 40000 |
SortOrder2 | Sort order number to sort the table Logon process performance on the Single Logon dashboard correctly. | Number | | Snapshot | 29 |
List of Calculated Fields
Field | Description | Data type | Unit | Measurement type | Where available | Example |
---|---|---|---|---|---|---|
AppName | Associated application name. | String | | Snapshot | Splunk data model, Splunk SPL | Google Chrome |
SortOrder | Sort order number to sort the table Boot process performance on the Single Boot dashboard correctly. | Number | | Snapshot | Splunk data model | 1 |