Application & Process Performance Metrics
Process Detail
uberAgent collects rich metrics per process & per application. This includes the user and domain, CPU & RAM usage as well as network latency & throughput, to name just a few.
Notes:
- Processes are auto-grouped into applications, i.e., the application name is determined automatically. Information on how automatic application identification works is available here.
- Field AppVersion: uberAgent has an internal filter to minimize data volume by suppressing version information for system processes and system services. As a result, the AppVersion field is typically empty for most system processes and services.
Details
- Source type: uberAgent:Process:ProcessDetail
- Used in dashboards: Process Performance, Application Performance, Machine Performance, Application Usage, Process GPU, Single Machine Detail, Single Application Detail, Single User Detail, Analyze data over time
- Enabled through configuration setting: ProcessDetailTop5 or ProcessDetailFull
- Related configuration settings: [ProcessToApplicationMapping], [ApplicationMappingIgnoredProcesses], [ProcessDetailFull_Filter], [ProcessDetail_SendCommandline], [ProcessStartupSettings]
List of Fields in the Raw Agent Data
Field | Description | Data type | Unit | Measurement type | Platform | Example |
---|---|---|---|---|---|---|
ProcName | Process name. | String | | Snapshot | all | chrome.exe |
ProcCPUTimeMs | Process CPU usage (absolute usage in milliseconds). | Number | ms | Sum | all | 5000 |
ProcCPUPercent | Process CPU usage (relative usage in percent). | Number | % | Average | all | 12 |
ProcIOPSRead | Process I/O read operations per second. | Number | | Average | Win | 200 |
ProcIOPSWrite | Process I/O write operations per second. | Number | | Average | Win | 200 |
ProcIOReadCount | Process I/O read operation count. | Number | | Count | Win | 100 |
ProcIOWriteCount | Process I/O write operation count. | Number | | Count | Win | 100 |
ProcIOReadMB | Process I/O read data volume. | Number | MB | Sum | all | 150 |
ProcIOWriteMB | Process I/O write data volume. | Number | MB | Sum | all | 150 |
ProcIOLatencyReadMs2 | Latency of process I/O read operations. | Number | ms | Average | Win | 300 |
ProcIOLatencyWriteMs2 | Latency of process I/O write operations. | Number | ms | Average | Win | 300 |
ProcWorkingSetMB | Process RAM usage (working set). | Number | MB | Snapshot | all | 100 |
ProcNetKBPS | Process network traffic data volume per second. macOS: includes payload + protocol overhead, Windows: payload only. | Number | KB/s | Sum | all | 500 |
ProcUser | Process user. | String | | Snapshot | all | Domain\JohnDoe |
ProcGpuComputePercent | Process GPU compute usage (relative usage in percent). | Number | % | Average | Win | 20 |
ProcGpuMemMB | Process GPU memory usage. | Number | MB | Average | Win | 150 |
AppId | Associated application ID. Used by uberAgent to lookup application names and populate field AppName. | String | | Snapshot | all | GglChrm |
AppVersion | Associated application version. | String | | Snapshot | all | 67.0.3396.99 |
ProcID | Process ID generated by the OS. Process IDs are reused and cannot be used to uniquely identify a process. Use ProcGUID for that purpose instead. | Number | | Snapshot | all | 456 |
ProcCmdline | The process’ command line. | String | | Snapshot | all | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe –url http://vastlimits.com |
ProcGUID | Unique identifier for a process instance that is generated by uberAgent. | String | | Snapshot | all | 00000000-ebe5-469c-63ae-f5a1de28d401 |
ProcGpuEngineMostUsed | The ID of the most used GPU engine (requires at least Windows 10 1709). | Number | | Snapshot | Win | 1 |
ProcGpuEngineMostUsedDisplayName | The display name of the most used GPU engine (requires at least Windows 10 1709). | String | | Snapshot | Win | 3D |
SessionID | Session ID generated by the OS. Session IDs are reused and cannot be used to uniquely identify a session. Use SessionGUID for that purpose instead. | Number | | Snapshot | all | 1 |
Notes
- The following fields are empty unless EnableExtendedInfo is set to true: ProcGUID.
- The following field is empty unless EnableExtendedInfo and [ProcessDetail_SendCommandline] are configured: ProcCmdline.
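Because ProcID is reused by the OS and ProcGUID is empty unless EnableExtendedInfo is set, any correlation of ProcessDetail events (for example, attributing CPU time or a command line to one process instance) has to handle both cases. The following is an added example, not part of the uberAgent documentation: the event dictionaries, the host and _time keys, and the second GUID are constructed sample data.

```python
from collections import defaultdict

# Constructed sample events using field names from the table above.
# "host" and "_time" are assumed index metadata, not uberAgent fields.
EVENTS = [
    {"host": "PC1", "_time": 100, "ProcName": "chrome.exe", "ProcID": 456,
     "ProcGUID": "00000000-ebe5-469c-63ae-f5a1de28d401", "ProcCPUTimeMs": 5000},
    {"host": "PC1", "_time": 130, "ProcName": "chrome.exe", "ProcID": 456,
     "ProcGUID": "00000000-ebe5-469c-63ae-f5a1de28d401", "ProcCPUTimeMs": 2000},
    # PID 456 reused later by a different process instance (constructed GUID).
    {"host": "PC1", "_time": 900, "ProcName": "powershell.exe", "ProcID": 456,
     "ProcGUID": "00000000-1111-2222-3333-444455556666", "ProcCPUTimeMs": 700},
    # ProcGUID empty, as when EnableExtendedInfo is not set to true.
    {"host": "PC2", "_time": 100, "ProcName": "svchost.exe", "ProcID": 456,
     "ProcGUID": "", "ProcCPUTimeMs": 50},
]


def instance_key(event):
    """Key an event by process instance; flag the key when only a PID exists."""
    guid = (event.get("ProcGUID") or "").strip()
    if guid:
        return ("guid", event["host"], guid)
    # Fallback: PID may have been reused, so downstream logic must not
    # treat this key as a unique process instance.
    return ("pid-ambiguous", event["host"], event["ProcID"])


def _aggregate(events, key_fn):
    totals = defaultdict(lambda: {"names": set(), "cpu_ms": 0})
    for ev in events:
        slot = totals[key_fn(ev)]
        slot["names"].add(ev["ProcName"])
        slot["cpu_ms"] += ev["ProcCPUTimeMs"]  # measurement type: Sum
    return dict(totals)


def cpu_per_instance(events):
    """Correct grouping: one bucket per process instance."""
    return _aggregate(events, instance_key)


def cpu_per_pid(events):
    """Naive grouping by (host, ProcID), shown for contrast."""
    return _aggregate(events, lambda ev: (ev["host"], ev["ProcID"]))
```

Grouping by ProcID merges chrome.exe and powershell.exe on PC1 into one bucket, while grouping by ProcGUID keeps them apart and marks the PC2 bucket as ambiguous.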
List of Calculated Fields
Field | Description | Data type | Unit | Measurement type | Where available | Example |
---|---|---|---|---|---|---|
ProcCPUTimeS | Process CPU usage (absolute usage in seconds). | Number | s | Sum | Splunk data model | 5 |
ProcIOCount | ProcIOReadCount + ProcIOWriteCount. | String | | Sum | Splunk data model | 200 |
ProcIOPS | ProcIOPSRead + ProcIOPSWrite. | Number | | Sum | Splunk data model | 400 |
ProcIOMB | ProcIOReadMB + ProcIOWriteMB. | Number | MB | Sum | Splunk data model | 300 |
ProcIOMBPS | ProcIOMB / ProcIOCount x ProcIOPS. | Number | MB | Sum | Splunk data model | 600 |
ProcIOLatencyMs | ProcIOLatencyReadMs + ProcIOLatencyWriteMs. | Number | ms | Sum | Splunk data model | 600 |
ProcIODurationReadMS | ProcIOLatencyMsRead x ProcIOCountRead. | Number | ms | Sum | Splunk data model | 30000 |
ProcIODurationWriteMS | ProcIOLatencyMsWrite x ProcIOCountWrite. | Number | ms | Sum | Splunk data model | 30000 |
ProcIODurationMS | ProcIODurationReadMS + ProcIODurationWriteMS. | Number | ms | Sum | Splunk data model | 60000 |
User | Alias for ProcUser. | String | | Snapshot | Splunk data model | Domain\JohnDoe |
AppName | Associated application name. | String | | Snapshot | Splunk data model, Splunk SPL | Google Chrome |
time | Alias for _time. | Number | | Snapshot | Splunk data model | 2018-07-31T18:34:32.451+02:00 |
Process Statistics
uberAgent collects rich metrics per process. This includes the handle count, page faults, and priority, to name just a few.
Notes:
- Processes are auto-grouped into applications, i.e., the application name is determined automatically. Information on how automatic application identification works is available here.
Details
- Source type: uberAgent:Process:ProcessStatistics
- Used in dashboards: Process Performance, Application Performance, Single Application Detail, Analyze data over time
- Enabled through configuration setting: ProcessStatistics
- Related configuration settings:
List of Fields in the Raw Agent Data
Field | Description | Data type | Unit | Measurement type | Platform | Example |
---|---|---|---|---|---|---|
ProcName | Process name. | String | | Snapshot | Win | chrome.exe |
ProcID | Process ID generated by the OS. Process IDs are reused and cannot be used to uniquely identify a process. Use ProcGUID for that purpose instead. | Number | | Snapshot | Win | 456 |
ProcGUID | Unique identifier for a process instance that is generated by uberAgent. | String | | Snapshot | Win | 00000000-ebe5-469c-63ae-f5a1de28d401 |
ProcUser | Process user. | String | | Snapshot | Win | Domain\JohnDoe |
AppId | Associated application ID. Used by uberAgent to lookup application names and populate field AppName. | String | | Snapshot | Win | GglChrm |
ProcHandleCount | Process handle count. | Number | | Snapshot | Win | 810 |
ProcThreadCount | Process thread count. | Number | | Snapshot | Win | 20 |
ProcPriority | Process priority. Valid values: 0, 1, 2, 3, 4, 5 or 6. The numerical priority is used by uberAgent to look up and populate the field ProcPriorityDisplayName. | Number | | Snapshot | Win | 4 |
ProcPrivateMB | Process allocated private memory. | Number | MB | Snapshot | Win | 512 |
ProcVirtualSizeMB | Process allocated virtual memory. | Number | MB | Snapshot | Win | 128 |
ProcPageFaultsPS | Process page faults per second. | Number | s | Average | Win | 10 |
ProcPageFileMB | Process page file usage. | Number | MB | Snapshot | Win | 256 |
List of Calculated Fields
Field | Description | Data type | Unit | Measurement type | Where available | Example |
---|---|---|---|---|---|---|
ProcPriorityDisplayName | Process priority display name (see also ProcPriority). Valid values: Above normal, Below normal, High, Idle, Normal, Realtime and Unknown. | String | | Snapshot | Splunk data model, Splunk SPL | Above normal |