uberAgent consists of two main components: the actual agent runs on Windows machines you want monitored, sending the data it collects to Splunk either directly or via Splunk’s Universal Forwarder. The second main component, implemented as Splunk apps, takes care of setting up the Splunk backend configuration and provides the dashboards through which you consume uberAgent’s data.
uberAgent’s data collecting component is a lightweight agent that can be run without the need for a locally installed Universal Forwarder. A typical footprint of less than 20 MB RAM, less than 0.3% CPU and no disk IO at all (with diagnostic logging turned off) makes it truly unobtrusive on the monitored endpoints.
uberAgent does not rely on Windows performance counters but comes with its own metrics. Instead of raw data it gives you information that matters. A list of metrics can be found here.
The agent is highly configurable: metrics can be turned on or off, the data collection frequency can be chosen freely and information from irrelevant sources can be filtered out. This ensures that only data you really need is sent to Splunk for indexing.
Two Splunk apps help process and visualize the data collected by the agent. One lives on Splunk indexers and simply creates uberAgent’s index and TCP port. The other is a dashboard app that implements the user interface, providing nearly 50 different views into the collected data.
This is the indexer app. Please note that the dashboard app is required, too.
Removed the line "SEGMENTATION = ExcludeTimestamp" from props.conf because it references the file segmenters.conf, which is not part of the Splunkbase version of this app.