uberAgent for Splunk: Dynamic Application Identification

UberAgent
Published Jan 30, 2013 Updated Feb 23, 2021

uberAgent for Splunk monitors Windows machines. It does not try to display as much data as possible but focuses on visualizing what is actually going on instead. In the last post we gave you a glimpse of the information it can display about user sessions and logon times. Today we are going to talk about machines, processes and applications.

Machines and Processes

As you would expect, uberAgent gives you detailed performance data about your computers. It works with client and server versions of Windows, of course. The information that is available includes CPU, disk, machine, and kernel memory data. The Machine Detail dashboard displays both the numerical values for detailed analysis as well as charts for a quick overview.

As a design principle, we try to always give you historical data in addition to an average over a certain time range. By clicking on a row in the Machine Detail dashboard the corresponding historical data dashboard for the selected server is invoked.

The process dashboards are laid out in a similar fashion. The overview page lists all processes (this can be filtered, of course). Clicking on any row brings up the historical view of that process.

Applications

While it is pretty clear where machine and process data come from, this is not so obvious with applications. In fact, there is a tiny little bit of magic involved here - Windows does not have a concept of applications, it only knows about processes. That receiver.exe, concentr.exe and wfcrun32.exe form a logical application entity called Citrix Receiver is totally irrelevant to the operating system. For that reason, other monitoring systems do not bother with applications.

uberAgent is different. It automatically groups related processes to applications, because humans think in applications, not in processes - and uberAgent is designed for humans. When troubleshooting performance problems it is not enough to know that, say, SelfService.exe has a problem. You need to know that Citrix Receiver generates all those IOs. uberAgent shows you exactly that and makes it easy to analyze the impact your applications have on overall system performance.

Monitoring Splunk

Comments

Comments are powered by Giscus. Please enable JavaScript to view them, or view discussions directly on GitHub.

Related Posts

What Is Splunk and How Does It Work?

What Is Splunk and How Does It Work?

You have probably heard of Splunk, but can you describe what it does to a colleague in a few sentences? That is not easy. Splunk does not belong in any traditional category but stands apart from the crowd. That makes it interesting, but also the explaining harder. Here is my attempt.

Why Sizing for Averages is a Bad Idea

Why Sizing for Averages is a Bad Idea

When sizing a new environment it is tempting to use averages. It seems the logical thing to do. But it also guarantees a bad user experience. Example: Sizing an RDS or XenApp Farm Let’s say you’re tasked with building a new Citrix XenApp farm. Being a diligent IT person you set up a pilot: one or two machines with all the right software and settings. Then you carefully select a group of pilot users in such a way that they represent the organization’s employee types statistically correctly. Then you let them work on the new platform, ironing out bugs and such. At the end of that period, you have a great new platform. But there is one big question left: how many servers to buy?!

uberAgent Now Monitors RES Workspace Manager Logon Times, Too

Whether user profiles are loading slowly or group policy processing is taking too long - uberAgent for Splunk tells you exactly what is causing slow logons. uberAgent always supported a broad range of platforms, from physical PCs through virtual desktops to Citrix XenApp. Today we add RES Workspace Manager to that list!

What's New in uberAgent 2.1

What's New in uberAgent 2.1

In version 2.1 uberAgent collects detailed ICA, PCoIP, and RDP remoting client properties. Yes, that is right, we have added support for VMware Horizon View to our user experience and application performance monitoring product. Read on for more goodness!

Latest Posts

Fast & Silent 5 Watt PC: Minimizing Idle Power Usage

Fast & Silent 5 Watt PC: Minimizing Idle Power Usage

This micro-series explains how to turn the Lenovo ThinkCentre M90t Gen 6 into a smart workstation that consumes only 5 Watts when idle but reaches top Cinebench scores while staying almost imperceptibly silent. In the first post, I showed how to silence the machine by replacing and adding to Lenovo’s CPU cooler. In this second post, I’m listing the exact configuration that achieves the lofty goal of combining minimal idle power consumption with top Cinebench scores.

Fast & Silent 5 Watt PC: Lenovo ThinkCentre M90t Modding

Fast & Silent 5 Watt PC: Lenovo ThinkCentre M90t Modding

This micro-series explains how to turn the Lenovo ThinkCentre M90t Gen 6 into a smart workstation that consumes only 5 Watts when idle but reaches top Cinebench scores while staying almost imperceptibly silent. In this first post, I’m showing how to silence the machine by replacing and adding to Lenovo’s CPU cooler. In a second post, I’m listing the exact configuration that achieves the lofty goal of combining minimal idle power consumption with top Cinebench scores.

Scripted WordPress to Hugo Migration

Scripted WordPress to Hugo Migration

After having published in WordPress for almost 20 years, it was time for a change. This site is now rendered by Hugo, a static website generator built for Markdown content hosted in a Git repository. The migration from WordPress (HTML) to Hugo (Markdown) was far from trivial. Since I couldn’t find any tool for the job, I developed my own set of migration scripts that fully automate the migration process. You can find them on GitHub along with extensive documentation.

Mitsubishi Heat Pump Data in Home Assistant via Modbus

Mitsubishi Heat Pump Data in Home Assistant via Modbus

This article shows how to get detailed information about your Mitsubishi heat pump’s status and operations into Home Assistant. Prerequisites You’ll need a Mitsubishi Modbus interface, either the older A1M (serial Modbus/RTU via RS-485 only) or the newer A1M+ (Modbus/TCP via Ethernet in addition to Modbux/RTU). I’m using the Ethernet variant.

Home Automation, Networking & Self-Hosting