
Session Detail: Connected Via IP

Hi,

I notice in the Session:SessionDetail:Users there is SessionClientTypeCtx, which has values in the doco of WI and ICA Client. In my results I am seeing WI and SSP; I am guessing SSP is the Storefront App and WI is Receiver for Web.

We have a number of users connecting via a Netscaler Gateway and in the Citrix Studio we can see the metric ConnectedViaIP; all the users who are connected remotely via the Netscaler Gateway are showing an IP address for this attribute, which lets us run a PowerShell command on the Studio to show total number of users connected via the Gateway (Remote Access).

Command for reference:

(Get-BrokerSession -AdminAddress <deliverycontrollerFQDN> -ConnectedViaIP <Gateway IP Address> -maxrecordcount 5000 | select UserUPN -Unique).count

I am using the following in uberAgent to count the number of remote users since all users who are remote are coming in via Receiver for Web (WI):

| pivot `uA_DM_Session_SessionDetail_Users` Session_SessionDetail_Users

.....

.....

splitrow
        User

        filter SessionClientTypeCtx is "WI"

I use User since a single user might have multiple sessions, e.g. a main set of applications running on one VDA and a more specialized app running on its own server, which would give extra numbers of remote users if I were to split using SessionGUID.

Is the ConnectedViaIP metric available in the uberAgent Splunk data?

Thanks and Regards,

David

 

2 comments

  • Dominik Britz Official comment

    Hi David,

    Unfortunately, ConnectedViaIp is not part of uberAgent's default metrics. I added the request to our backlog, though.

    To help you short-term I put together short instructions on how to get that data with uberAgent's custom script framework.

    Getting ConnectedViaIp into Splunk

    First, if you are not familiar with uberAgent's custom script framework, I recommend reading about it here: https://uberagent.com/docs/uberagent/latest/advanced-topics/uberagent-custom-scripts/

    Deploy the script

    I created a PowerShell script that collects the metric. You have to push that script to your Citrix session hosts. I put it as Get-ConnectedViaIP.ps1 in C:\Program files\vast limits\uberAgent\scripts.

    # Return the value named $RegName under the registry key $RegPath.
    function Get-RegValue ($RegPath, $RegName) {
        $x = Get-ItemProperty -Path $RegPath
        $x.PSObject.Properties | ForEach-Object {
            If ($_.Name -eq $RegName) {
                Return $_.Value
            }
        }
    }

    # ID of the session this script instance is running in.
    $CurrentSessionID = [System.Diagnostics.Process]::GetCurrentProcess().SessionId
    # uberAgent's GUID for that session; used as the join key in Splunk.
    $SessionGuid = Get-RegValue -RegPath 'HKLM:\SOFTWARE\vast limits\uberAgent\SessionGuids' -RegName $CurrentSessionID

    # Per-session Citrix connection key that holds ConnectedViaIpAddress.
    $RegPath = 'HKLM:\SOFTWARE\Citrix\Ica\Session\' + $CurrentSessionID + '\Connection'
    $ConnectedViaIpAddress = Get-RegValue -RegPath $RegPath -RegName 'ConnectedViaIpAddress'

    # Emit the result as space-separated key=value pairs on a single line.
    [Hashtable]$Output = @{
        'SessionGUID'=$SessionGuid
        'ConnectedViaIpAddress'=$ConnectedViaIpAddress
    }
    Write-Output $($Output.Keys.ForEach({"$_=$($Output.$_)"}) -join ' ')

     

    Configure uberAgent

    Add a timer to uberAgent to run the script periodically with user privileges.

    [Timer]
    Name = ConnectedViaIP
    Interval = 300000
    Script = powershell.exe -executionpolicy bypass -file "C:\Program Files\vast limits\uberAgent\Scripts\Get-ConnectedViaIP.ps1"
    ScriptContext = UserSessionAsUser

     

    Search in Splunk

    The following join search adds the new metric to the existing ones. You cannot search with | pivot anymore as the data coming from the script is not in a data model. You have to use SPL instead.

    index=uberagent sourcetype="uberAgent:Session:SessionDetail" SessionProtocol=ICA
    | join type=left SessionGUID
    [
    | search index=uberagent sourcetype="*uberAgent:Script:ConnectedViaIP*"
    | fields + SessionGUID ConnectedViaIpAddress
    ]

     

    Hope that helps. Happy to answer any questions.
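
A variant of the collection script, added here as an example and not part of the original comment or of uberAgent itself: it skips sessions that have no Citrix connection key and emits an event only when the stored value parses as an IP address. The helper name `Get-RegValueOrNull` is hypothetical, and treating a missing key or malformed value as "emit nothing" is an assumption; the registry paths and value names are the ones used in the script above.

```powershell
# Added example: defensive variant of Get-ConnectedViaIP.ps1 (not uberAgent's own code).
# Registry paths and value names are taken from the script in the comment above.

function Get-RegValueOrNull {
    param(
        [string]$RegPath,
        [string]$RegName
    )
    # Sessions without this key (assumed: console or RDP sessions) return $null
    # instead of writing an error to the script's output stream.
    if (-not (Test-Path -LiteralPath $RegPath)) { return $null }

    $item = Get-ItemProperty -LiteralPath $RegPath -Name $RegName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }

    # Look the property up by name so numeric value names (session IDs) work too.
    $prop = $item.PSObject.Properties[$RegName]
    if ($null -eq $prop) { return $null }
    return $prop.Value
}

$sessionId   = [System.Diagnostics.Process]::GetCurrentProcess().SessionId
$sessionGuid = Get-RegValueOrNull -RegPath 'HKLM:\SOFTWARE\vast limits\uberAgent\SessionGuids' -RegName "$sessionId"
$viaIp       = Get-RegValueOrNull -RegPath "HKLM:\SOFTWARE\Citrix\Ica\Session\$sessionId\Connection" -RegName 'ConnectedViaIpAddress'

# Emit nothing unless both values are present, so no half-empty events reach Splunk.
if ([string]::IsNullOrWhiteSpace($sessionGuid) -or [string]::IsNullOrWhiteSpace($viaIp)) {
    return
}

# Accept only a well-formed IP address; free text in this value would otherwise
# be indexed as-is and could break the key=value field extraction.
$parsed = $null
if (-not [System.Net.IPAddress]::TryParse($viaIp, [ref]$parsed)) {
    return
}

# Same key=value output format as the original script.
Write-Output ("SessionGUID={0} ConnectedViaIpAddress={1}" -f $sessionGuid, $parsed)
```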

  • David Shane

    Hi Dominik,

     

    This is amazing, thank you so much. I'll give it a go.

     

    Regards,

    David
