Process Stop Metrics
Process Stop
uberAgent collects detailed process stop information, such as the process name, the process lifetime, and the parent process.
Notes:
- Field: AppVersion
  - uberAgent has an internal filter to minimize data volume by suppressing version information for system processes and system services. As a result, the AppVersion field is typically empty for most system processes and services.
Details
- Source type: uberAgentESA:Process:ProcessStop
- Used in dashboards: Process Tree
- Enabled through configuration setting: ProcessStop
- Related configuration settings: n/a
List of Fields in the Raw Agent Data
Field | Description | Data type | Unit | Platform | Example |
---|---|---|---|---|---|
ProcName | Process name. | String | | all | svchost.exe |
ProcUser | Process user. | String | | all | domain\JohnDoe |
ProcLifetimeMs | Process lifetime. | Number | Ms | all | 500 |
AppId | Application ID. | String | | all | Svc:WdiSystemHost |
ProcId | Process ID. | Number | | all | 12345 |
ProcParentId | Parent process ID. | Number | | all | 67890 |
SessionId | Session ID. | Number | | all | 2 |
ProcGUID | Process GUID. | String | | all | 4b3e3686-7854-4d98-0023-1e0e617bf2e4 |
SessionGUID | Session GUID. | String | | all | 00000000-b242-d759-7a63-d686b0ffd501 |
ProcParentName | Parent process name. | String | | all | services.exe |
ProcPath | Process path. | String | | all | C:\WINDOWS\System32\svchost.exe |
ProcCmdline | Process commandline. | String | | all | C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted |
IsElevated | Indicates if the process was started elevated (admin rights). | String | | all | 1 |
AppVersion | Application version. | String | | all | 1.0 |
ProcParentGUID | Parent process GUID. | String | | all | d72ceb7e-7851-02ec-005d-139741c4afd6 |
IsProtected | Indicates if the process was started protected. | String | | Win | 1 |
HashMD5 | Process hash value in MD5. Configurable via settings EnableCalculateHash and HashAlgorithm. | String | | Win | 7FFE122B109F1B586DEA2ED0F406E952 |
HashSHA1 | Process hash value in SHA1. Configurable via settings EnableCalculateHash and HashAlgorithm. | String | | Win | 26DBC241A37881072689CD05C70489C2CDFB562A |
HashSHA256 | Process hash value in SHA256. Configurable via settings EnableCalculateHash and HashAlgorithm. | String | | Win | 95F0FBBAEF28999238598550D4B73530FD86205404B602F3E6189D0AE758A2EC |
HashIMP | Import-table hash. Configurable via settings EnableCalculateHash and HashAlgorithm. | String | | Win | 188392D5FBCC485811BB54211E4D2978 |
CdHash | Hash of the code directory of a signed executable. Configurable via setting EnableCdHash. | String | | macOS | 24e4b80198b220e4a0ea87d33bf72af22576722c |
List of Calculated Fields
Field | Description | Data type | Unit | Example | Where available |
---|---|---|---|---|---|
ProcUser | coalesce(ProcUserExpanded, ProcUser). | String | | Domain\JohnDoe | Splunk data model |
User | ProcUser. | String | | Domain\JohnDoe | Splunk data model |
TimestampMs | _time * 1000. | Number | Ms | 1585913547467 | Splunk data model |