Hi team,
I'm trying to enable logoff information listed here:
https://uberagent.com/documentation/splunk-events-and-source-types/#user-logoff
Splunk doesn't seem to have any of this data captured by default, searching Sourcetype="uberAgent:Logoff:LogoffPerformance" or similar logoff data doesn't return any results.
I also can't find a UA Metric, timr or 'on demand' to put in the .conf file to enable it.
Am I missing a step or doing something wrong?
Many thanks
Andy
Hi Andy,
Logoff monitoring is enabled along with logon monitoring (metric LogonDetail). It works best when the user is only logging off, not shutting down the entire mache.
During shutdowns, uberAgent normally does not have enough time to capture information after the session has ended and before it shuts down itself.
Does that explain what your are seeing?
Thanks, Helge
Hi Helge,
Thanks you. It certainly could, we have UA on laptops more than Desktops at the moment, where our habits are to shutdown/sleep/restart more than logoff. So in that sense, when we have more Desktop users in UA, I won't have to turn anything 'on' for seeing logoff data, I'll see whatever logoff data there is as long as users are choosing 'logoff' specifically?
Makes complete sense if so.
Yes, that is correct. You could verify on your own machine by logging off and then checking if the corresponding data shows up in the dashboards.
On a side note, we are working on much more detailed standby/resume duration metrics. We hope to have official news soon ;-)
Excellent. We'll keep our eyes peeled. :)
Thanks
Andy