uberAgent

Network Metrics

Network Communication

uberAgent collects metrics like source process (process sending/receiving data on the machine uberAgent is running on) as well as IP address and port per network target and sending/receiving process. A network target is a communication endpoint from the point of view of the machine uberAgent is running on. uberAgent distinguishes between different services on the target machine and can show latencies for, say, SMB and SQL Server independently. Of course, uberAgent supports both IPv4 and IPv6! uberAgent optionally only shows new ports and targets never seen before.

Notes:

  • Field: AppVersion - uberAgent has an internal filter to minimize data volume by suppressing version information for system processes and system services. As a result, the AppVersion field is typically empty for most system processes and services.

Details

  • Source type: uberAgent:Process:NetworkTargetPerformance
  • Used in dashboards: Application Network Issues, Citrix XA/XD Databases, Process Network Communication, Application Network Communication, Machine Network Communication, Single Application Performance, Single Machine Detail, Single User Detail
  • Enabled through configuration setting: NetworkTargetPerformanceProcess
  • Related configuration settings: [NetworkTargetPerformanceProcess_Config]
  • Supported platform: all

List of Fields in the Raw Agent Data

Field Description Data type Unit Example
ProcName Process name. String   chrome.exe
ProcUser Process user. String   Domain\JohnDoe
NetTargetRemoteAddress Network target remote address. String   138.201.31.60
NetTargetRemoteName Network target remote name. String   vastlimits.com
NetTargetRemotePort Network target remote port. Number   443
NetTargetSendCount Count of packets to network target containing payload. Number   15
NetTargetReceiveCount Count of packets from network target containing payload. Number   14
NetTargetConnectCount Count of connects to network target. Number   1
NetTargetSendKBPS Kilobytes per second sent to network target. Number KB/s 1024
NetTargetReceiveKBPS Kilobytes per second received from network target. Number KB/s 1024
NetTargetSendMB Amount of data volume send to network target. Payload only, no protocol overhead. Number MB 1
NetTargetReceiveMB Amount of data volume received from network target. Payload only, no protocol overhead. Number MB 1
NetTargetSendLatencyMs Latency to network target. Number ms 100
NetTargetProtocols Protocols used. String   TCP
NetTargetSendLatencyCount Count of events with latency. Number   2
AppId Associated application ID. Used by uberAgent to lookup application names and populate field AppName. String   GglChrm
NetTargetReconnectCount Count of reconnects to network target. Number   3
NetTargetRetransmitCount** Count of retransmits to network target. Number   3
AppVersion Application version. String   67.0.3396.99
NetTargetSendJitterMs* Jitter to network target. Number ms 5
NetTargetSendJitterCount* Count of events with jitter. Number   1
NetTargetSourceAddress Network source IP. String   127.0.0.1
NetTargetSendLatencyInitialMs* Initial Latency to network target (TCP handshake). Number ms 100
NetTargetSendLatencyInitialCount* Count of events with initial latency. Number   1
NetTargetSourcePort* Network source port. Number   43021

List of Calculated Fields

Field Description Data type Unit Example Where available
NetTargetRemoteNameAddress Content of NetTargetRemoteName. If NetTargetRemoteName is not filled, NetTargetRemoteAddress is used instead. String   vastlimits.com Splunk data model
NetTargetRemoteNameAddressPort Concatenation of NetTargetRemoteNameAddress and NetTargetRemotePort. String   vastlimits.com:443 Splunk data model
NetTargetSendReceiveMB NetTargetSendMB + NetTargetReceiveMB. Number MB 2 Splunk data model
NetTargetSendReceiveCount Count of sends and receive events combined. Number   29 Splunk data model
NetTargetSendReceiveKBPS NetTargetSendKBPS NetTargetReceiveKBPS. Number KB/s 2048 Splunk data model
NetTargetSendDurationMs NetTargetSendLatencyMs x NetTargetSendLatencyCount. Number ms 200 Splunk data model
AppName Associated application name. String   Google Chrome Splunk data model, Splunk SPL
ProcUser Process user. String   Domain\JohnDoe Splunk data model, Splunk SPL
User User name. String   Domain\JohnDoe Splunk data model
ProcessName Process name. String   chrome.exe Splunk data model

Network Connection Failures

uberAgent collects metrics like source application name as well as protocols used whenever a network connection attempt fails.

Details

  • Source type: uberAgent:Application:NetworkConnectFailure
  • Used in dashboards: Application Network Issues, Machine Network Issues, Process Network Issues
  • Enabled through configuration setting: NetworkTargetPerformanceProcess
  • Related configuration settings: [NetworkTargetPerformanceProcess_Config]
  • Supported platform: all

List of Fields in the Raw Agent Data

Field Description Data type Unit Example
AppId Associated application ID. Used by uberAgent to lookup application names and populate field AppName. String   GglChrm
AppVersion Application version. String   67.0.3396.99
ProcessName Process name. String   chrome.exe
ProcessId Process ID. Number   456
SessionGUID Unique identifier that is generated by uberAgent when the session is created. Valid for this session only. String   00000002-f295-9109-e7c7-c964011dd401
NetTargetRemoteAddress Network target remote address. String   138.201.31.60
NetTargetRemoteName Network target remote name. String   vastlimits.com
NetTargetRemotePort Network target remote port. Number   443
NetTargetProtocols Protocols used. The only protocol supported is TCP. String   TCP
NetTargetSourceAddress Network source IP. String   127.0.0.1
NetTargetSourcePort* Network source port. Number   43021

List of Calculated Fields

Field Description Data type Unit Example Where available
AppName Associated application name. String   Google Chrome Splunk data model, Splunk SPL
ProcName Process name. String   chrome.exe Splunk data model
User User name. String   Domain\JohnDoe Splunk data model, Splunk SPL
NetTargetRemoteNameAddress Content of NetTargetRemoteName. If NetTargetRemoteName is not filled, NetTargetRemoteAddress is used instead. String   vastlimits.com Splunk data model

* Fields only available when NetworkDriverEnabled = true. ** In cases of high network activity combined with a large number of retransmissions, uberAgent may not detect all retransmissions. This design choice ensures minimal overhead and avoids any negative impact on system performance.

Network Metrics