Solved: UberAgent: getting strange application name

pedrolito · ‎10-25-2017

Hello splunkers!

I recently discovered a problem with guys monitoring citrix activities on how published app names are written.

The problem concerns application names which can have different format, like upper case and lower case.
Within dashboards this is not a problem as the value "SessionPublishedAppsCtx" is changed in "SessionPublishedAppsCtxSplitLower".

However, for a lot of applications, for ex. google chrome, I get results with the SessionPublishedAppsCtx=google_chrome_1-1.
It seems that somewhere, the application name is feeded with numbers at its end, or even sometimes truncated (off for 'office')

When I checked the brut logs from splunk SHD, I can see that logs are received in this format from uber Agent, which drive me to think that such name modification are done on the uberagent itself.

Any idea or feedback from this little issue ?

Thanks in advance

Cheers!

helge · ‎10-25-2017

uberAgent reads Citrix XenApp published application names from the registry of the VDA. The format of the names is internal to the VDA - uberAgent does not change it. It should, however, be easy enough to figure out which published application a name refers to.

View solution in original post

helge · ‎10-25-2017

uberAgent reads Citrix XenApp published application names from the registry of the VDA. The format of the names is internal to the VDA - uberAgent does not change it. It should, however, be easy enough to figure out which published application a name refers to.

pedrolito · ‎10-26-2017

Hi helge,

Thank you for this quick answer.

UberAgent: getting strange application name

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!