0

Enable Logoff data - in .conf file or splunk

Hi team,

I'm trying to enable logoff information listed here:
https://uberagent.com/documentation/splunk-events-and-source-types/#user-logoff

Splunk doesn't seem to have any of this data captured by default, searching Sourcetype="uberAgent:Logoff:LogoffPerformance" or similar logoff data doesn't return any results.

I also can't find a UA Metric, timr or 'on demand' to put in the .conf file to enable it.

Am I missing a step or doing something wrong?

 

Many thanks

Andy

4 comments

  • Avatar
    Helge Klein Official comment

    Hi Andy,

    Logoff monitoring is enabled along with logon monitoring (metric LogonDetail). It works best when the user is only logging off, not shutting down the entire mache.

    During shutdowns, uberAgent normally does not have enough time to capture information after the session has ended and before it shuts down itself.

    Does that explain what your are seeing?

    Thanks, Helge

  • 0
    Avatar
    Andy Howat

    Hi Helge,

    Thanks you. It certainly could, we have UA on laptops more than Desktops at the moment, where our habits are to shutdown/sleep/restart more than logoff. So in that sense, when we have more Desktop users in UA, I won't have to turn anything 'on' for seeing logoff data, I'll see whatever logoff data there is as long as users are choosing 'logoff' specifically?

    Makes complete sense if so. 

  • 0
    Avatar
    Helge Klein

    Yes, that is correct. You could verify on your own machine by logging off and then checking if the corresponding data shows up in the dashboards.

    On a side note, we are working on much more detailed standby/resume duration metrics. We hope to have official news soon ;-)

  • 0
    Avatar
    Andy Howat

    Excellent. We'll keep our eyes peeled. :)

     

    Thanks

    Andy

Please sign in to leave a comment.