• Change Organization Owner

    As part of the creation of any ControlUp Organization, a specified user is assigned to be the organization owner. That user is generally the first user to install the ControlUp license and open the ControlUp console. The organization owner has certain privileges managing the organization, such one-time passcode (OTP) authentication settings and audit log settings.

    Only the organization owner can transfer ownership to another user in the organization (and subsequently, no longer be the owner). We recommend assigning an Active Directory group as the organization owner so that if an organization owner is no longer an employee of the company, there is no problem with access to the ControlUp organization owner privileges. 

    If, for any reason, the organization owner is not able to transfer ownership, contact support@controlup.com to assign a new organization owner.

    To change an organization owner:

    1. Log into the ControlUp console as the organization owner and open the Security Policy pane from the bottom of the screen.
    2. Click Manage Roles in the Home ribbon, the Security Settings screen appears.
    3. In the New Owner box enter the user you want to be the organization owner. We recommend selecting an Active Directory group of users as the organization owner.
      If there isn't an existing group of users appropriate for this role, create one in your Active Directory and then assign this role.
    4. Click Apply and the organization owner is changed.
  • Audit Log

    The Audit Log feature is available from version 8.2 and above.

    The Audit Log enables you to see:

    • Changes made to ControlUp’s configuration settings, such as adding a new hypervisor.
    • Remote operations performed on managed assets through ControlUp, such as rebooting a virtual machine or killing a process on a managed computer.

    The Audit Log does NOT collect information on setting changes to personal preferences, such as column presets, and any user management activities, such as user signing in/out.

    These logs are primarily used in corporate environments. The audit log uploads data to the ControlUp cloud or can be configured to save to a local SysLog server. The Audit Log is by default, configured to enable centralized auditing in hybrid cloud environments.

    Auditing Methods

    Group Actions

    The auditing is carried out separately for each OBJECT on each TARGET and includes all details and completion status for each audit log entry.

    Auditing Optimizations

    The initialization and completion records carry only the relevant data to save storage and traffic.

    The initialization record contains all data except the output, while the completion record contains the output, status, and the error message if the action failed. 

    In the case of mass/group activity in public configuration, we have separate 'initialized' audit log entries for each object and one common 'completion' entry for all objects in the group because in such case the action is completed successfully for all objects or failed for all objects.

    The Audit Log documents up to ten automated action executions, per trigger, per minute in the organization. If the number of executions exceeds the limit, the automated actions run without auditing, even if the enforced mode is enabled.

    The following audit log entry is added to document the exception in CA: 
    "The amount of audit log entries generated by the trigger exceeds the permitted limit and will be silenced for a while."

    Storing the Audit Logs

    The Audit Logs may be stored in the following ways:

    • ControlUp cloud: This is the default configuration for hybrid cloud environments. Once support for the cloud data-store is implemented, it is possible to view an audit log report in SOLVE. The data is retained in this log for a period of a year after it was first recorded. This option is NOT available for on-premises implementations.
      For complete information on viewing Audit Logs, see here.
      The following is an example of the Audit Log stored in SOLVE.
    • SysLog: The contents of the SysLog data-store can be viewed using any standard SysLog reader (e.g. Splunk). On-premises implementations can only store audit logs on their SysLog Servers.
      The following is an example of the Audit Log stored on a Syslog Server.

    Actions are reported in the Audit Log as two separate entries; once for initialization of the action and once for completion of the action. 

    Audit Log Settings

    Only the organization owner can modify the audit log settings. The organization owner is displayed and managed in the Security Settings pane in the consoled.

    Go to the Audit Log tab by clicking Audit Log from the Settings ribbon and the Audit Log page appears.


    • Enable Centralized Auditing - For enabling/disabling the audit log data-storage in the hybrid cloud environment.
      • Fail action if auditing fails - Enforced mode. Prevents actions from being executed if the auditing was not completed properly. Not available in SysLog.
    • Send to SysLog Server -Enables you to save the auditing records to a SysLog server by entering its:
      • IP/hostname - Enter the IP address or hostname of the SysLog server.
      • Port - Enter the port to use to connect to the SysLog server.
      • Protocol Select the protocol to use to connect to the SysLog server – UDP or TCP

    Once you have finished making changes to the settings, click Apply to save the changes or OK to save the changes and close the window.

    Audit Logs Data

    For each entry in the audit logs, the following information is stored: 




    The ID of the performed action. All audit entries related to the same event have the same unique identifier.

    This is a hidden field but is essential for matching between the initialized and completed entries.


    The ID of an event performed as a group. All audit entries related to the same grouping-command have the same grouping unique identifier.

    This is a hidden field but is essential for matching records that belong to the same group-command.


    Date and time of the event.


    The source of the event (Web client, Console, PowerShell, automated action, Insights, etc.).


    The status of the event (initiated, completed, aborted, error, etc.)

    Requesting Computer

    The hostname or IP address of the computer from which the event was initiated. This can be:

    • The computer used.
    • The console, if the user performed an action from the console.
    • The monitor where the AA/cmdlet was executed.
    • The SOLVE/Insights (if available) if an action was performed manually from SolVE/Insights.

    Requesting User 

    The user account of the user who initiated the event.


    The user account that was used to execute the command.

    Note: If this is the same as the Requesting User, this field is left blank.


    The type of action that was performed (kill a process, add a computer, etc).


    Additional information that is specific to the command.

    Object Type

    The type of object on which the command was executed.


    The output of the operation.

    Executing Computer

    The name of the object on which the command was executed (computer hostname, hypervisor name, Netscaler name, organization name, username, etc).


  • Notification Templates

    This article briefly explains how to create custom notification templates in ControlUp for use with Incident Triggers. All steps are performed from the ControlUp Real-Time Console. More detailed information about creating notification templates and assigning them to Incident Triggers can be found in the rest of this guide.


    1. In the Trigger Settings window, select Templates. The Template Settings dialog box opens and lists the currently defined notification templates (see Creating a New Template).
    2. Select an existing template to use as the basis for the custom template, and then select Duplicate. A copy of the existing template opens.
    3. Under Template Name, enter a name for the custom template.
    4. Modify the Subject and Body fields as required.
      Note: To see a list of variables that can be used in these fields, select variables.
    5. Select OK. The template is created.
      Note: For information about assigning the template to an Incident Trigger, see Assigning a Template to a Trigger.


    Notification templates are used by ControlUp to create follow-up notifications when Incident Triggers are activated. They are used either to create e-mail notifications or to insert a log entry in the Windows Event Log and can be assigned to the following types of triggers:

    • Send an e-mail alert
    • Record an event in the application log
    • Send an e-mail alert via a local SMTP server
    • Run an action

    Templates can include both text and variables; the variables are replaced by specific information about the trigger in the actual notification text. The message body may also include other text, before and/or after the template text, that is predefined by ControlUp and cannot be modified or removed (e.g., “This is an automated alert...”).

    In older versions of ControlUp, templates were all predefined by ControlUp. Beginning with ControlUp v7.4, you can also create custom templates. Thus, you can add additional information to a notification or create a notification whose text is in French.

    Predefined templates cannot be edited or deleted, but they can be duplicated, and the duplicates can be modified or deleted. This is, in fact, how all custom templates are created – by making a duplicate of an existing template and modifying it.

    Using Variables in a Template

    Variables that can be used in notification templates have the form $(…), where the name of the variable is in the parentheses. For example: $(ObjectName) is a variable whose name is ObjectName, and it is used to insert the name of the object whose behavior generated the trigger into a notification. Variables can be included anywhere in the subject line or the body of a template. For example, the template body could include this line:

    The $(ObjectName)object has been disconnected from monitoring.

    In the actual notification, it would then say something like:

    The my-pc.domain.com object has been disconnected from monitoring.

    Not all variables are relevant to all triggers. For example, if the trigger is related to computer stress, no process is directly connected to it, so the $(ProcessName) variable is not defined. A complete list of supported variables, including descriptions of each variable and the contexts in which it is defined, is available from the link below. This list is presented as a spreadsheet in which the first four columns define and explain the variable, and the remaining columns show the contexts in which the variable is defined.

    Note: Variable names are not case-sensitive.

    List of variables: Link


    Variable list ( mceclip4.pngin a column indicates the variable is defined in the context of that column)

    Multi-Counter Variable

    In addition to the variables described above, another type of variable exists. This variable, ListOfColumns, is a special variable that is invoked multiple times in multi-counter incidents – once for each counter involved. The variable is only for use with Stress Level or Advanced triggers, because these are the only triggers that can include multiple conditions.

    The ListOfColumns variable has a special syntax, in which you can include the text and variables you would like to see for each counter involved in the incident. All of the text must be placed within the variable’s parentheses, after a colon and between quotation marks (e.g., $(ListOfColumns: "my text…”)). In addition, certain variables exist only for use with the ListOfColumns variable:










    Note: The variables in this category are also marked as such in the variable list. 3.png $(ListOfColumns) variables in the variable list

    The following is a sample of template text that uses the ListOfColumns variable:

    $(ListOfColumns:"          Column: $(Column)
    Value changed from $(ColumnValueBefore) to $(ColumnValueAfter)
    On ($(Timezone)): $(ColumnTimestamp)
    Threshold crossed: $(ColumnCrossedThreshold)

    If two columns – CPU and Name – were involved in this incident, the output of this code in the notification would look like this:

    Column: CPU 
    Value changed from 13% to 25%
    On (UTC +3 Jerusalem Standard Time): 13/05/2019 16:19:27
    Threshold crossed: 20%

    Column: Name
    Value changed from CPUSTRES.EXE to CPUSTRES.EXE
    On (UTC +3 Jerusalem Standard Time): 13/05/2019 16:19:27
    Threshold crossed: CPU*

    Creating a New Template

    Each template has three components:

    • Template Name: The name of the template that identifies it in the list of available templates
    • Subject: The title that will appear in the notification – in an e-mail, this is the subject line; in a log entry, this is the first line
    • Body: The text of the notification

    The Subject and Body fields of the template can include variables.

    In order to create a new template, you begin by duplicating an existing template, and then modifying it. You can select any existing template to duplicate. If you create a new template by selecting Add, the ControlUp Advanced Trigger template is duplicated.

    11.pngTo create a new template:

    1. In a ControlUp Console, in the My Organization screen, in either the Home or the Settings ribbon bar, select Triggers. The Settings window opens with the Trigger Settings tab displayed.


    Settings window with Trigger Settings tab displayed

    1. Select Templates. The Template Settings dialog box opens and lists the currently defined notification templates. Predefined ControlUp templates are identified by a mceclip1.png icon, while user-defined templates are identified by a mceclip0.png icon. Only user-defined templates can be edited; ControlUp templates are not editable.


    Template Settings dialog box showing the list of currently defined templates

    1. Select an existing template to use as the basis for the custom template in one of the following ways:
      • Select Add. The Edit Template window opens a copy of the ControlUp Advanced Trigger template.
      • Select an existing template, and then select Duplicate. The Edit Template window opens a copy of the selected template.


    Edit Template window

    1. Under Template Name, enter a name for the custom template.
    2. Modify the Subject and Body fields as required.

    Note: To open the list of variables that can be used in these fields (see above), select variables.


    Template edited

    1. When you are finished creating the template, select OK. The Edit Template dialog box closes, and the template is added to the list of available templates in the Template Settings dialog box.

    Assigning a Template to a Trigger

    Once you have created a template, you can assign it to any trigger. This is done in the trigger’s settings.

    Note: For the Run an action follow-up action, if you choose to send an e-mail notification, you must ensure that the trigger also has the Send an e-mail alert or the Send an e-mail alert using a local SMTP server follow-up actions configured. This is because the recipients of the Run an action e-mail notification are not specified in the Run an action settings – rather, they are copied from the settings of the Send an e-mail and the Send an e-mail alert using a local SMTP server follow-up-actions.
    When the trigger is activated, the Send an e-mail and the Send an e-mail alert using a local SMTP server follow-up actions are implemented immediately; the Run an action notifications are sent to the same recipients, but after the Run an action follow-up action is completed (successfully or not).
    If no Send an e-mail and no Send an e-mail alert using a local SMTP server follow-up-actions are defined along with a Run an action follow-up action, no notification e-mails are sent for the trigger.

    11.pngTo assign a template to a trigger:

    1. In the Settings window, in the Trigger Settings window, do one of the following:
      • Select Add Trigger to create a new Incident Trigger.
      • Select an existing Incident Trigger, and then select Edit to edit an existing trigger.

    The trigger-configuration wizard opens.

    1. Define or modify the trigger settings as required until you get to the Follow-up Action screen.
    2. In the Follow-up Action screen, under Type, select the type of follow-up action. Template assignment is supported in any of the following follow-up action types:
    • Send an e-mail alert
    • Record an event in the Application Log
    • Send an e-mail alert using a local SMTP server
    • Run an action


    Selecting a follow-up action

    1. Under Template, select the template to use for the notification.
      Note: Depending on the follow-up action you chose, the fields in this screen will vary, but a Template field is included for all follow-up actions that handle notifications.
    1. If you are configuring a Run an action follow-up action, in addition to configuring the settings for the Run an action follow-up action, as you just did, you must also configure a Send an e-mail alert and/or a Send an e-mail alert using a local SMTP server follow-up action.

      To do this, repeat steps 3-4 above: This time, select Send an e-mail alert or Send an e-mail alert using a local SMTP server. Configure all of the settings. Under Template, you can select any template that is appropriate for the e-mail notification; it does not have to be the same template that you selected in the Run an action settings (Two e-mails will be sent to each recipient whenever the trigger is activated – the one that is selected here, and the one that is selected in the Run an action settings). When you are finished, both follow-up actions should appear in the list:


    Both Run an action and Send an e-mail alert configured for a trigger

    1. Configure the rest of the settings for the trigger as necessary, and then, select Finish. The trigger is configured and the notification will be generated whenever the trigger’s conditions are met.


    1. A variable appears in a notification instead of the value of the variable.
      The variable does not exist. This is most likely caused by a typo in the template, in the name of the variable. Check the variable list above to ensure the variable name is correct.
    1. A blank space appears in a notification instead of the value of the variable.
      The variable name is defined, but it has no value when this type of trigger is activated. This occurs when you include a variable in a template that is not defined in the context of the incident. Check the variable list above to ensure all variables included in the template are defined in the context of the incident (look green cells with ‘v’ in the variable list).
  • Display Settings

    This tab allows you to select display preferences, such as whether you would like to show or hide system sessions, full computer names and navigation history.

    Also, you have an option to change Theme Color (Dark\Light)

    Enable Grouping – shows the grouping bar above the information grid, which allows for dragging any column header to the bar to group records by that column

    Show System Sessions – by default, the “System(1)” and “Services(0)” sessions are hidden on server machines in ControlUp, so the only sessions you see are real human users. Enable this checkbox to display the system and services sessions.

    Show Full Computer Names – this checkbox determines whether the Organization Tree should show full computer names (FQDNs) or flat names.

    Show Navigation Bar – display the “Back” and “Forward” buttons above the information grid.

    Show Navigation History – display the “History” dropdown above the information grid.

    Show Actions Task Pane – display available management actions in a separate pane on the right.

    Show Configuration Error Balloon – in case of an error during an update to the central configuration, display a balloon in the status bar indicating that not all changes may be saved.

    Show Disconnected Computers – if you disable this checkbox, computers will not be displayed in ControlUp unless they are in the “Ready” state, meaning that disconnected computers will disappear from the information grid.

    Show Parent View Record – when this option is enabled and a record is double clicked or focused on, the information grid will display the parent record information on top of the grid as well as its child objects below.

    Show Computers with Errors – display computers on the information grid even if their connection status is currently in error. This option can be disabled to support scenarios in which not all computers are accessible or powered on.

    Show Powered Off Computers – display computers for which the hypervisor layer has reported a “Powered Off” status.

    Show Agentless Managed VMs – display computers discovered via hypervisors, XenDesktop or AWS, to which ControlUp Agent has not been deployed.

    Show Agentless Managed Sessions – display sessions discovered via XenDesktop, hosted on computers to which ControlUp Agent has not been deployed.

    Show the option to add XenDesktop – display “Add XenDesktop” button in the ribbon (under the “Home” tab).

    Show Published Applications – display XenDesktop Published Applications in the Application View. Unchecking both this option and the “Show Applications” option - will empty the Applications View.

    Show Applications – in the Applications View, display aggregation rows for processes discovered by ControlUp Agent.

    Note: ControlUp includes a full screen mode, which can be invoked by pressing F11. If you would like ControlUp to open in full screen mode automatically, specify the “/fullscreen” command line parameter in the shortcut used for launching the console executable.


  • Agent Settings

    The Agent Settings tab of the Settings window allows you to select your preferred agent installation options:

    • Deploy agents automatically - When this option is checked (Default) the ControlUp Agent automatically deploys when computers are added to the console. In addition, when the console version is different than the agent version, the agent automatically upgrades to the console version. If a computer is defined in the console tree but the agent doesn't exist on the endpoint, the monitor also reaches out and tries to deploy the agents.
      Note: For this to work, the AD account used by the monitor would need admin rights on the computers to deploy the agent. 
      You can select to install agents manually if you don't want resources used to automatically check for and install updates on the monitored machines. 
    • Check ping – By default, all selected computers are pinged before agent distribution to ensure connectivity. If your managed computers do not respond to ICMP traffic, you may uncheck the “Check Ping Reply” checkbox in the Add Computers window.
    • Prerequisites check – By default, all selected computers are tested for .Net Framework presence before agents are distributed. This test may be bypassed by unchecking the “Check Pre-requisites” checkbox.
    • Default TCP port (40705 by default) - You may select a custom TCP port number for client communications using the “Listen on port” field in the bottom right corner of the window. Ensure that the port number you select is not used for any other applications on your network.
    • Auto-Connect Interval – Determines the time span between attempts to reconnect to agents if the “auto-connect” checkbox is enabled.
    • Agents will be uninstalled automatically when not used - When this option is enabled, the agent is automatically uninstalled if the console or monitor is not connected to the agent for 5 min.
      Note: If the computer is a ControlUp Monitor, the agent will not uninstall.
    • Linux monitoring:
        • You can select to install missing packages on Linux machines for agentless data collection.
        • You can allow users to add machines that are running unsupported Linux flavors.
          Note: We highly recommend not to add machines for these unsupported Linux flavors because this could disrupt data collection. Do so at your own risk.
    • Customized icon for chat window - You can add a customized icon if you are using the chat functionality. Select this option and browse the local machine to locate and upload the icon's image file.
    • Use only encrypted communication - For details on this option, see Agent Security Options in Agent Settings.
    • Download Agent MSI – Use this link to download standalone MSI packages for agent installation if you selected not to deploy agents automatically.
    • Agents authentication key - For details, see Agent Security Options in Agent Settings.


  • Proxy Settings

    If your network policy requires the use of a proxy server to reach the Internet, this is the place to configure your proxy server settings and authentication credentials, if applicable.

    Note: ControlUp doesn’t support proxy auto-configuration (PAC) files. Please provide your proxy server settings manually.

  • AD Connections

    The AD Connections tab allows you to add managed domains and configure the credentials to be used to connect to these domains. If you are running the ControlUp Real-Time Console as a domain user, this list may be empty, as shown below:


    This means that your current domain credentials are used whenever needed. If you start the Real-Time Console as a local (non-domain) user, you will be prompted for the FQDN of your Active Directory domain and valid domain credentials, which are mandatory for working with ControlUp.


    Domain connections are required for two reasons:

    1. The default method of adding computers is by browsing the Active Directory and domain membership is a prerequisite for managed computers.
    2. ControlUp uses your Active Directory login information to determine the rights and permissions that will be applied to your Real-Time Console. The Security Policy of ControlUp is based exclusively on Active Directory accounting.

    Managing machines from different domains/forests

    ControlUp supports managing computers from different Active Directory domains and forests. Even computers that belong to multiple untrusted Active Directory domains and forests can be managed within the same console, provided that you have sufficient credentials to manage computers in those domains and forests. All that is needed is an Active Directory connection, which consists of a domain FQDN and valid credentials.

    The AD connections tab of the Settings window can also be used to enable ControlUp organizations to span multiple Active Directory forests. Every time you log into the Real-Time Console, a list of available organizations is determined based on the Active Directory forest from which your Windows session is currently authenticated. If you create a new ControlUp organization from forest A and then later open the Real-Time Console from a computer logged into forest B, that organization will not be visible on the logon wizard.

    To enable the display of that organization in forest B:

    • Open the ControlUp Real-Time Console in a Windows session logged into forest A.
    • Log into your ControlUp organization.
    • Using the AD Connections tab of the Settings window, create an AD connection to forest B while providing valid credentials. Click OK.
    • Edit the newly created AD connection. Select the Trust tab and enable the checkbox next to “Allow users from “<forest B>” to log in to organizations created in “<forest A>”. Click OK.
    • Now open ControlUp in a Windows session logged into forest B. Your ControlUp organization should be visible on the organization's drop-down list.

    DNS resolution is a prerequisite for accessing Active Directory domains within ControlUp. If an untrusted domain is located in your local network (for example for testing purposes) but is not accessible using its FQDN, ControlUp will be unable to verify your credentials and add computers from that domain. In such a case, it is recommended to configure a DNS forwarder to allow access to the DNS namespace of the untrusted domain from your existing AD infrastructure.

  • Export Settings

    Using this setting, ControlUp may be configured to auto-export any information grid view to a CSV file on a scheduled basis. This goal is achieved performed by configuring export rules that instruct ControlUp to write the contents of the information grid to the disk.

    Note: The export rules you configure in the ControlUp console will only operate when a copy of the console is active. In order to configure ControlUp for continuous export, it is recommended that any export rules will be created on an instance of the ControlUp Monitor service. If you have already configured any export rules using the console, ControlUp will suggest you to move those rules to the first instance of ControlUp Monitor that you install in your organization. For more information on ControlUp Monitor, please refer to this page.

    When creating an export rule, the following information should be provided:

    Export View The name of the view to be exported from ControlUp’s My Organization pane. Every rule may only export one view.
    Days of the week The weekdays during which the export rule should be activated.
    Start time Time of day on which the export rule should begin operating.
    End time Time of day on which the export rule should stop operating.
    Interval A time period that should elapse before a new export file is created.
    Output folder The location to which the exported files will be saved.
    Delete files older than

    The retention period for old export files.

  • Events Settings

    The Events Pane gathers “Error” and “Warning” events from all of your managed computers. Use the following settings to configure the type of events you would like to see:

    Events Retention Period – by default, ControlUp only keeps events in memory for an hour. Use this setting to modify the retention period.

    Note: a drastic increase of the retention period may result in performance degradation.

    Event Type – select the types of event you would like to gather (default – Error, Warning and Audit Failure)

    Excluded Events – configure which events you would not like to see anymore by creating a new filter.

    Frequent Event Filter – by default, when the same event type (by Source and Event ID) appears more than 100 times, ControlUp stops gathering this event. Use this setting to configure the event filter so that you do not see many repetitive events.

  • Alerts Settings

    Trigger alerts for the following stress levels – select the stress levels for which you would like an alert to be triggered, by the ControlUp view.

    Play a sound alert in the console – if enabled, the console will play sound alerts as follow-up actions defined in incident triggers.

    Display stress level alert bubbles – if enabled, notification bubbles will be shown whenever a record reaches a stress Level, according to the setting above.

    Log stress level alerts – using this setting, you can configure ControlUp to record a message in the Application Event Log when your resources cross a preconfigured stress level. You can then use Windows Scheduled Tasks or your favorite monitoring solution to attach e-mail alerts to these events.

  • Stress Settings

    As a comprehensive real-time monitoring solution for multi-user environments, ControlUp is capable of displaying a complex and flexible measure of system health, called “Stress Level”, for every monitored resource, be it a folder, computer, user session or process. Stress Level is a numeric column, which is displayed in ControlUp’s grid with the following ranges: None, Low, Medium, High and Critical. Using this column, you can quickly determine the health of your resources, for example by sorting the grid so that highly stressed resources are on top. In this chapter, you will learn how to configure the Stress Level column to optimally represent the current health status of resources in your environment.

    Stress Settings tab layout

    All Stress Level-related settings are configured using the Stress Settings tab of the Settings Window. As seen in the image above, this tab contains a folder tree (1),
    which is identical to the tree displayed in “My Organization” pane, a navigation bar (2)
    for switching between resource types, a counter selection area (3),
    an “Applies To” are for configuring filters (4),
    a Settings area for configuring the computation of the Stress Level value (5)
    and a “Stress Levels” area (6)
    for configuring the boundaries between different levels.

    About Stress Level Inheritance

    Default Settings

    By default, every ControlUp organization contains a single set of Stress Level settings, configured on the root folder of the organization. Unless configured otherwise, these settings are inherited by all child folders and the computers within them.

    Subfolder Inheritance

    ControlUp’s folder tree is designed to allow the user to arrange computers in folders according to their type. For example, you might want to separate your workstations from your servers, and further segment the servers folder into subfolders containing different types of machines. This type of arrangement is generally convenient, and is especially useful for configuring different Stress Level settings for different types of computers.

    Filter Inheritance

    Besides segmenting resources into subfolders, ControlUp also distinguishes between resources automatically, allowing to configure performance counter thresholds which are optimal for each monitored resource. This is done by using filters, which are pre-configured criteria configurable in the counter area.


    You may configure different thresholds for each computer type using the filter area of each counter configuration. ControlUp distinguishes between the following computer types:

    General Purpose Server – a computer running a server-class Operating System, with no Terminal (Remote Desktop) Services installed. This could be a file server, an Exchange server, a Web server or an SQL server. These computers typically host a limited number of user sessions for administrative purposes, and have most of their resources consumed by background services.

    RDS – a computer running a server-class Operating System with Terminal (Remote Desktop) Services role installed. These computers typically host multiple end-user sessions, running virtualized applications or full-desktop environments.

    Workstation – a computer running a client Operating System, such as Windows 7, 8 or XP. A computer of this type typically hosts a single user session with foreground processes (applications) consuming most of the computer’s resources.

    By default, all filters within every counter inherit its default thresholds. By clicking on the filter name on the left, you can customize the thresholds for each filter, as described below.

    Configuring the Stress Level Computation

    The counter area of the Stress Settings tab allows you to configure which metrics contribute to the computation of the Stress Level column for each resource in ControlUp.

    Per-Counter Configurations

    The counter area includes a row for every column included in each of ControlUp’s views (Folders, Computers, Sessions, Processes, Accounts and Executables). Please note that each view supports a different set of columns. You can switch between views using the navigation buttons on top of the grid.

    Each counter row includes several settings which configure the contribution of that counter to the total Stress Level of the record.


    Every counter has a Yellow and a Red zone, with configurable numeric boundaries. In the example above, a computer “CPU” column’s default settings are 80% for Yellow and 90% for Red. Once a computer’s CPU usage climbs to 85%, the cell in its CPU column will become yellow. If the CPU usage drops below 80% again, this cell will go back to green. These changes in the grid should be instantaneous.

    Note: Some counters (such as Free Disk Space) have reverse zone boundaries, i.e. Red values will be lower than Yellow values, since in these cases a lower value indicates a more severe condition.


    Once a Yellow or a Red boundary is crossed, ControlUp tracks the time the value of the counter stays above that boundary. You can configure ControlUp to increase the resource’s Stress Level when this happens, specifying how long should the value stay above the threshold. For example, you may decide that if a computer’s Disk Queue Length value stays over 1 for 1 minute, this may indicate an I/O bottleneck and should affect the computer’s Stress Level, and if the value exceeds 2 for a minute it may indicate a severe I/O issue you might want to be displayed in red, as shown:


    The “Load” value determines how many points should be added to the value of the record’s Stress Level column when a threshold is crossed for the time duration described above. For example, in the Disk Queue example above, if the value stays between 1 and 2 for a minute, the Stress Level will be incremented by 1 point. If the value is above 2, the Stress Level will be incremented by 2 points.


    To change the value used by the information grid to display the performance data of a column and modify the cell color accordingly, select a computation method from the “Severity by” drop-down list. The following values are available:

    • Current Value – the column will display the present point value of the counter. This is recommended for counters such as “Memory Utilization” or disk free space, for which knowing the most current present value is most valuable.
    • Max – the maximum value recorded in the counter since its sampling started. Valuable mainly for peak analysis and capacity planning.
    • Min – same as the above, referring to the minimum value.

    Note: ControlUp’s performance counters maintain a buffer of samples that were significantly different from previous samples. The number of stored values depends on the variance of the sample. While the computation formulas are beyond the scope of this document, while changing the default computation method for columns, you should keep in mind that “In History” values are computed in relation to more recently received data.

    • Max In History – the maximum value of the counter’s current buffer.
    • Average – the average value computed on all values recorded by the counter since its sampling started. Valuable mainly for long-term analysis and establishing baselines.
    • Average In History – the average value of the counter’s current buffer. Valuable mainly for rapidly fluctuating counters, such as Page Faults/sec and CPU usage.

    In order to illustrate the usage of the above values, let us consider the case of a computer’s “CPU” column. If you select “Average In History” in the “Severity by” drop-down list, you may witness a situation in which the counter will be colored red, while its displayed value is in the “green” range. The reason for this is the fact that the displayed value is based on the current value (e.g. 5%), while the severity color code is based upon the “Average In History” value, which may be high (e.g. 90%). This type of configuration makes sense in most environments, since a momentary peak of CPU usage is usually no cause for alarm, while a prolonged CPU load detected by the “Average In History” value my indicate a performance issue and justifies a color coded severity alert. It is highly recommended that you take extreme care when customizing the counter thresholds and their calculation sources. It is best to consider the variance and fluctuation rate of each counter when planning a change to these values.


    Some counters have a complex computation mechanism, which may fail under certain conditions. For example, when a value of a performance counter cannot be retrieved. For each of the metrics collected by ControlUp, you may decide that a failure to collect a counter’s value in itself represents an issue and should change the color of the column to yellow or red. For example, the XenApp Load.

    Configuring boundaries between Stress Levels

    Using the Stress Levels panel on the left side of the Stress Settings pane, you can customize the numeric boundaries between ControlUp’s stress levels.

    By default, all resources in your organization inherit the following default stress levels boundaries:

    • (No Stress) < 1
    • 1 <= Low < 2
    • 2 <= Medium < 3
    • 3 <= High < 6
    • 6 <= Critical

    Just like the stress level computation settings, these boundaries are configurable on a folder basis, which means that a resource (computer, session or process) with a stress level of 7 may be considered Critical in one folder and Medium in another, according to the needs of your environment.

    In order to customize the Stress Level boundaries for a subfolder:

    1. Switch to the Stress Settings tab of the Settings Window.
    2. Click on the desired subfolder in the organization tree.
    3. Uncheck the “Default Configurations” checkbox in the “Stress Levels” panel just below the tree.
    4. Adjust the numeric boundaries using the sliders or by typing the numbers into the fields corresponding to each level.
    5. Click “Apply Settings” on the Home ribbon.

    In order to reset default Stress Level boundaries for a subfolder:

    1. Switch to the Stress Settings tab of the Settings Window.
    2. Click on the desired subfolder in the organization tree.
    3. Check the “Default Configurations” checkbox in the “Stress Levels” panel just below the tree.
    4. Click “Apply Settings” on the Home ribbon.

    Receiving Stress Level Alerts

    You can configure ControlUp to alert you when resources in your environment reach a configured stress level. For more information, please refer to the Trigger Settings section.

  • Stress Levels Calculator Tool

    The ControlUp Stress Levels calculator gives ControlUp admins a better understanding of what to configure in their stress level settings. For details on how to configure stress levels, see Stress Settings.


    The Stress Levels Calculator is a tool that you access from the ControlUp script library. You import your ControlUp monitoring data from Insights and from the console into the tool. The tool then calculates at what levels you should be setting your stress levels in the ControlUp Console based on actual data from your own ControlUp monitored environment. 

    The calculations provided by the tool are recommendations and not requirements and can be changed in the configuration file described below. The tool uses the following levels as defaults for its recommendations:

    Percentile Threshold Level
    75% Yellow
    90% Red

    You should think about your ControlUp data and decide for which metrics you want to adjust stress levels. For example, you may want to see how your Sessions - Activity data performs and use the calculator to decide which stress levels would work best for that data. Or you may want to see CPU usage or how other resources perform.

    You can export data from:

    • Monitor data - for data coming directly from the monitor. Best for dynamic, shorter duration data that can change during a session, where you need frequent snapshots of what's happening. For example, CPU usage or other resources.
    • Insights data - for data that is best calculated over time. For example logon duration or session activity that is calculated per session and has more interesting data over time.

    The data you select to export for the tool should depend on which stress levels are most important for your organization to capture accurately.

    Prepare ControlUp Data for Export

    To get your data into the calculator tool, you first have to prepare the data from ControlUp for export.

    While the Stress Levels Calculator can work against any CSV file that contains the right header, the following are the metrics for which it is recommended to run the tool. 

    Monitor Data (via the Console)


    • Active memory
    • Consumed memory
    • CPU Usage %


    • CPU
    • Memory (working and private bytes)
    • GPU Encoder and Decoder Utilization
    • GPU Frame Bugger Utilization
    • Non-paged Pool Memory
    • Memory Utlization
    • Pages / Sec
    • Virtual Disk read or write IOPS


    • Average CPU Usage
    • Average Machine Memory Utilization
    • Hosts CPU
    • Hosts Memory

    Insights Data

    User Sessions Activity:


    Machine Statistics:


    Monitor Data - Export via Console

    Use monitor data for shorter durations where you would benefit from seeing frequent snapshots of what's happening in your environment.

    As part of the monitor data export, you must define a time period and interval for which you find the monitor data relevant. We recommend exporting data of the busiest times of the day per minute for a full hour per minute so you can set stress levels at the most 'stressful' times. 

    1. To store and export monitor data, you must have a file share where one of your shared credentials has write access.
    2. Open the Real-Time Console and in the menu ribbon, select Settings > Monitors.
    3. Select Monitor Settings. MonitorSettings.jpg
    4. Select Export Schedule > Add Export Rule... AddExportRule.jpg
    5. In the Add Export Rule dialog, select the Export view from the dropdown options. These include the contextual views you can view in the console, such as Folders, HostsSessions. AddExportRuleDialog.jpg
      Note: The data exported is always based on the Default preset of the Column Presets. ColumnPreset.jpg
    6. Select the relevant Days of the week, Start time, End time and Interval.
      Tip: We recommend selecting 1 minute intervals over an hour period during your busiest time of day.
    7. Repeat these steps to create an export rule for each view you want to export. Each schedule you create is added to the list of Export Schedules. You can identify your schedule by the view and times selected. 
      You can use the X icon to delete the schedule or the pencil icon to edit it.
    8. Enter a shared file location as the Reports Directory and the credentials to use to access that shared file location.
      Note: The location you select must be a shared location so that all the monitors in your ControlUp site/environment can report their data and write to this location. ReportsDirectory.jpg
    9. Once you have gathered the data, we recommend copying the files to a system with fast SSDs and high CPU speed to process them faster.

    Insights Data

    Use Insights to export data that is more interesting for you over a longer period of time, for example session data.

    1. Log into Insights and go to the report for the data you want to export, for example Sessions - Activity.
    2. Select a data range that represents a good example of the data you want to use as a representation of stress levels, for example 1W for one workweek. You can also select a specific range using the calendar.InsightsStressActivityRange.png
    3. Select Export > CSV. InsightsStressActivity.png
    4. When prompted, save the file to logical location. You will need this location when working in the tool.

    Run the tool

    Once you have exported data from your monitors and/or Insights, you can run the tool from the ControlUp Console.

    Access and define arguments

    Running this tool is like accessing any of ControlUp's scripts from the script library. You have to have at least one device connected so that you can locate and run the script for the tool.

    1. Right-click any of the connected devices in the ControlUp Console's grid. It can be any device as long as it's connected. The menu opens with a search at the top.
    2. In the search field, enter the word stress to locate the tool's script to run it. Search.jpg
    3. Click to select ControlUp Stress Settings calculator as the only available option. SearchResult.jpg
      The tool opens with the list of arguments you can edit as follows: 


    Argument Description Default Value
    Yellow Percentile Percentile for the tool to calculate Yellow threshold levels. 75
    Red Percentile Percentile for the tool to calculate Red threshold levels. 90
    Filtered Accounts Comma-separated list of unwanted accounts because they may generate too much irrelevant data* Loginbot
    Default Import Location Location where the tool accesses the data from ControlUp If no value given here, you can browse to (or copy) a location when running the tool.
    Default Export Location Location to where the data is exported from the tool If no value given here, you can browse to (or copy) a location when exporting the data from the tool.

    * We recommend you use the Filtered Accounts argument to optionally filter out accounts from the data to control the accuracy of the data imported into the tool. For example if you run Scoutbees, you would want to filter out all Scoutbees account because they might generate a lot of data regarding login sessions that is not relevant for calculating stress levels.

    If you don't change any of these values, you can run the tool with these defaults in the configuration file but you must change the folder locations while running the tool. 

    Import the data

    Once you set your arguments as described above and you click OK, you see the following tab options:
    - Monitor Data. Use this tab to calculate the values for data exported from the Console for the monitor. 
    - Insights Data. Use this tab to calculate the values for the CSV data exported from Insights.
    - Help. Access help information for running the tool.

    1. In either the Insights Data or Monitor Data tab, click Browse and select the CSV file for Insights data, or the folder for Monitor Data.
      Note: If you added a value for the Default Import Location in the arguments pop-up, the tool may import the data automatically and you may not have to select a folder for Monitor Data.
    2. For Monitor Data only, select the type of data you want to calculate. Make sure that the folder you previously selected has export files for the option you select.
    3. Click Load Data. The data may take a while to load and it may seem like the scripts are not responding. The data is loaded when the dropdown menu with with the message Load Data first has changed to Select Metric. LoadDataFirst.jpgSelectMetric.jpg
    4. Optionally for Monitor Data, if you selected Folders, Hosts or Machines as the data metric, a dropdown appears to Select a folder with a list of available folders in your ControlUp organization so you can further filter on the folder level.SelectFolder.jpg
    5. In the Select Metric field, select from the available metrics in the dropdown list.SelectMetric2.jpgConsumedMemory.jpg
    6. Optionally, you select these options for the metrics:
      - Ignore 0 values - For some metrics, like Latency and Logon duration, we recommend choosing to ignore the values that appear as N/A or 0 in the console.
      - Show Median - Displays an actual median value among all the values imported. 
      - Show Average - Displays the calculated average of all values imported.
    7. The Suggested Stress Level column gives you the stress level that you should define for both Yellow and Red values as defined your arguments when opening the tool (defaults are Yellow=75th Percentile, Red=90th Percentile).
      Go to the ControlUp Real-Time Console to adjust your stress levels for these metrics. For details, see Stress Settings.
    8. Click Clear at the bottom of the dialog to clear the data and begin calculating another metric.

    Export Data from the Tool

    You may want to export the data from the tool so you can see why you changed your stress levels and on what those changes were based. You can also go back and see if changing those levels caused any changes in your environment.

    You may want to export the data from the tool so you can use this file as future reference on how you want to change the thresholds.  as you may want to do a review of the data one after the other. The tool doesn't save the information so exporting it will enable you to keep historical information of what the ControlUp Stress calculator recommended.

    You can export the tool data in the following ways. These options appear at the bottom of the tool's dialog:

    • Copy CSV Data - if you select to copy the data, you can paste the data into your favorite text editor.
    • Export to CSV - if you select this option, you must supply a location to save the CSV file. The default names of the export files depend on from where you exported the data:
        • Monitor Stress Levels Calculation.csv
        • Insights Stress Levels Calculation.csv

    Tip: Name these files based on the data you exported. For example: Monitor Stress Levels Calculations for CPU Usage.csv






  • Schedule Settings

    The Schedule Settings tab of the Settings window enables ControlUp users to create and manage a list of predefined schedules which can be used with incident triggers and follow-up actions.

    Each schedule you create is added to the list of schedules available for selection in the following contexts:

    • When configuring an incident trigger, you can choose a schedule to restrict the incidents to the specified days and times defined in the schedule.
    • When adding a follow-up action to an incident trigger (such as sending an email alert), the schedule can be used to determine whether or not to perform the follow-up action when the trigger is activated.

    Each entry in this list is a matrix of hours and days of the week, specifying whether to enable incident recording for each of the time slots defined.

    For example, you may want to create a schedule and record incidents during peak hours of the work week and not record incidents during the weekend. You would select Monday through Friday, 9:00am through 5:00pm, select Record incident and be sure give the schedule an immediately recognizable name like "Peak working days/hours".

    To add a schedule entry:

    1. In the Settings tab, click Schedule. The Manage Schedules dialog opens.
    2. Click Add Schedule. The Alert Event Schedule dialog opens.
    3. In the Schedule name field, enter a name for your schedule (e.g. “All Week Except Saturday Downtime”).
    4. Use your mouse to highlight and select the days and times when you want incidents recorded. 
    5. Select Record incident for the timeslot you just highlighted. The timeslot selected appears blue. 
    6. If there are times during this timeslot that you do not want incidents recorded, highlight those times with your mouse, and then select Do not record incident. Those timeslots, even if they appear within the original timeslot now appear white.
      Tip: Check that the days/times when you want incidents recorded appear in blue and the days/times when you don't want incidents recorded appear white.schedule_settings_1.png
    7. Click OK to save your schedule. You should see your schedule listed in the Name column, with the days/times you highlighted in the Schedule column next to it. 



  • Data-Source Distribution Guidelines

    Introduction to the Data-Source Distribution Guidelines

    When you add multiple Monitors to your organization, ControlUp automatically deploys them as a cluster. Each Monitor in the cluster is assigned particular roles it is responsible for filling.
    In order to minimize latency, a separate Site should be created for each physical location that is to be monitored. The site should be configured to include all the Monitors, and all the data sources they monitor, that are situated in that location.
    For High Availability, an additional Monitor should be set up at each monitored Site as a backup.
    Additional information:
    • Introduction to ControlUp Monitor Clusters in v8
    • Sizing Guidelines for ControlUp v8.x
    • ControlUp Monitor

    A Data-Source is any logical resource in your organization that is monitored by ControlUp.  For example, physical and virtual machines, hypervisors, XenDesktops, NetScalers, etc.

    Merging of data by association index is only performed per Site and not for the entire organization. Because of this, related data sources should be assigned to the same site. For example, if you have in your organization a Hypervisor connection, ControUp agent installed on the VMs, and a EUC connection of the environment that the same VMs are part of, they should all be monitored within the same ControlUp Site. 

    Tabel Of Contents 


    Managing the Organization's Data Sources in multi Site Configuration

    In the next steps, we'll explain how to access the data-sources management window in order for them to be managed by the ControlUp administrator in the organization. 

    1. In the Real-Time Console, select the Settings tab,
    2. Click  Monitors.
    3. The monitor window will appear. Within the menu bar, click Settings.
    4. From the right-side panel, click on Data Sources (this tab will only be available when multisite is configured).
      The folder structure you see in this window will be identical to the folder structure in the real-time console. 

    You can delegate Site association in the Site column and choose which site to associate with the specific data source. You can delegate Site association on machines, folders, hypervisors, etc. 

    Here are some examples;

    • If you have a VM which resides under the London site, the machine will need to be configured here to be associated with the London site. 
    • If your VMware data center is located on the London site, you can associate that data source with London. Simply change the settings in the Data Sources settings window and the monitor will perform the change. 


    When assigning a hypervisor to a specific site, you will need to change the site association to the VMs under the same hypervisor which is in the folder structure as well.
    For example, if 'Nurse-PC' (VM) resides on 'VMware Demo1', we'll change the site performance on the hypervisors as well as the machine. See the image below for reference. 


    Note: If you move/drag a machine on folder A which is associated with Site A to a new folder, for example, folder B which is associated with Site B, the Site switch will not occur automatically. You will need to perform the change in the Data Sources settings window. 

    Data Sources Quickview & Connection State

    You can also view the Data Sources tab and see which data source is connected to which monitor specifically and see the status of the connection.

    • In the Monitor window, click on the Data Sources tab -
      In the image above, we can see that 'Win10GPU-1' is connected to the 'CUMONITOR01' monitor. 
      • You can also click Show under the Status column and see the connection status.
        If the machine is connected successfully. it will state Ready for VMs and Connected for hypervisors\XD sites and will state the initial connection time e.g.:
        mceclip0.pngIf the data source is not connected, a detailed description of the issue will be presented. E.g:
  • Monitors Settings

    This tab displays all ControlUp Monitor instances installed in your organization, while allowing you to review their current status, remove, stop, start or reconfigure existing Monitor instances, and to install new Monitor instances.

    For more information about installing and configuring ControlUp Monitor, please refer to the ControlUp Monitor chapter of this documentation.

  • Branch Mapping

    This tab provides the ability to configure a list of IP subnets utilized on your network and map them to names of geographical locations, buildings or organizational branches. As a result of this configuration, ControlUp will be able to assign a source branch name to every user session and populate the “Branch Name” column with this name.

    For example, in an organization in which the New York office uses the subnet and the Chicago office uses the subnet, the mapping table should be configured to map those subnet addresses to the branch names. As a result, the Branch Name column of the sessions view will be populated with the value of “New York” for all user sessions established from client IP addresses in the range, and with the value of “Chicago” for the range.

    The list of subnets and branch names can be configured manually or imported using a CSV file by clicking the Import button. Here’s an example content of a supported CSV file for reference:

    Name,Site,Chicago,Chicago,Amsterdam,Servers Subnet,Test Workstation

    If your Active Directory has subnet objects already linked to the sites representing the geographical topology of your organization, you can use the Active Directory Sites and Services to export a CSV file which can be imported directly into ControlUp. To do so, perform the following steps:

    1. Open Active Directory Sites and Services
    2. Expand the Sites container in the tree view
    3. Right-click the Subnets container and click Export List…
    4. Save the file as “Text (Comma Delimited) (*.csv)”
    5. Open the Branch Mapping tab of the Settings window in ControlUp
    6. Click Import
    7. Browse to the file exported in the steps above

    In case the client IP address does not belong to any of the subnets configured in the mapping table, the Branch Name column can be left empty or populated with a custom value. This behavior can be configured using the “Unrecognized IP Addresses” area in the Branch Mapping tab of the Settings window.

  • Data Upload Settings

    This tab provides access to settings that define how ControlUp uploads data to the cloud servers.

    Incidents Reporting

    The “Incidents Reporting” checkbox defines whether incident triggers defined in your ControlUp organization cause entries to be recorded in the cloud database. When this setting is enabled, ControlUp records an incident entry in the cloud Incidents database every time a condition is detected that matches one of the triggers defined in your organization. This enables for investigating past incidents using the Incidents pane, and for receiving alerts by email or by using the ControlUp Mobile App.

    This checkbox is checked by default. When this option is unchecked, incidents are not reported to the cloud, and all alerting and historical analysis of incidents are disabled.

    Insights Activity Data Upload

    The “Upload historical activity for display in ControlUp Insights” checkbox defines whether ControlUp Monitor instances in your organization upload activity data for the purpose of displaying reports in ControlUp Insights.

    This checkbox is checked by default. When this option is unchecked, no data will be uploaded to ControlUp Insights and no data will be shown in the reports.

    Upload Bandwidth Limit

    The “Upload bandwidth limit” area provides a means to configure a bandwidth limit for the activity data upload process. By default, upload bandwidth is unrestricted.

    The “Daily upload statistics” area provides the average and maximum volumes of data uploaded to the Insights portal.

    Upload Schedule

    The Upload Schedule dropdown enables for a schedule definition to be applied to the upload process. The schedule definition can be selected from a list of schedules created in the Schedule Settings tab of the settings window. By default, upload schedule is unrestricted, meaning that activity data is uploaded automatically as needed.

    Please note that restricting the upload schedule and limiting the upload bandwidth may cause ControlUp Insights to fail to display up-to-date information. In extreme cases, if schedule and bandwidth are insufficient to upload activity data in a timely manner, ControlUp might discard activity data which will cause report data to be lost permanently. Therefore, it is recommended that you consult with ControlUp Support before modifying those settings.

  • App Load Time

    An important measure of user experience is the amount of time it takes for user mode applications to initialize fully before their user interface becomes accessible (clickable) by the user. Applications that are slow to load may indicate system issues, resource bottlenecks, and user frustration.

    ControlUp has the ability to measure the time it takes any user-mode application to become available for the end user. This is an experimental feature that needs to be enabled and configured explicitly (for detailed instructions, see below). When configured, the application’s load time in seconds is displayed in the Processes view.

    By default, the list of monitored applications includes Microsoft Office applications, Internet Explorer and Google Chrome.

    In order to add an application for App Load Time monitoring, click on the Add Rule… button and provide the following parameters:

    • Process name/s, one per line - the name of the processes for which you would like to enable app load time monitoring. For every rule you create, it is recommended to enter process names that belong to a specific application or suite of applications, to enable for easier management of each application’s monitoring settings independently of other applications.

    Note : The parameters below are advanced settings with recommended default values. It is not recommended to modify those values without thoroughly testing the effect of those changes on your production workloads.

    • First sample after (default: 20 s, accepted values: 2-180 s) - determines how long after the process is started will ControlUp first try to assess the load time of the application. For applications that are particularly slow to load, this parameter may be increased.
    • Threshold sensitivity (default: 7, accepted values: 2-12) - determines the sensitivity of the algorithm that detects a decline in the rate of activity generated by the process. You can try lowering this value if ControlUp fails to detect an application that appears fully loaded from the user’s perspective.
    • Stop measuring after (default: 180 s, accepted values: 2-180 s) - when this period elapses after the process start time, ControlUp will stop timing the process load duration. Set this value to the maximum duration that you would like to wait for the process to load. This setting also determines the maximum value you will see in the App Load Time metrics in ControlUp.
    • Data Sample Interval (default 20 ms, accepted values 5-20 ms) - determines the precision of the mechanism (lower = more precise) and its demand for CPU cycles (lower = more CPU activity).
    • Include I/O rate (default: enabled) - determines whether ControlUp should consider I/O activity when determining application load time. If unchecked, ControlUp uses only the DLL load rate.

     For application load time troubleshooting, please refer to this article - Application Load Time


  • Virtual Expert Settings - Contextual Navigation Rules

    Contextual Navigation is a set of rules based on our Virtual Expert, intended to create a smoother, faster troubleshooting experience within the ControlUp Real-Time Console.


    Identifying an issue and clicking to drill down will create a customized path to the most relevant view and present the appropriate preset view.
    For example, if you click on a RAM cell then contextual navigation will take you to the appropriate view (e.g., sessions view) and display the RAM preset views so that all the relevant metrics are shown immediately. This optimizes and accelerates your troubleshooting process and skips any redundant stages along the way, getting to the root cause using a minimal amount of time and effort.

  • Audit Log Settings for v8.1 and Below

    NOTE: The Audit Log feature is currently under development. Only some of its planned capabilities are functional in this version of ControlUp (v. 7.2), and these features are experimental.

    Internal audit logs document changes within a system and actions performed by the system remotely, enabling system administrators to monitor those changes and activities. Such logs are primarily used in corporate environments.

    ControlUp is currently developing an Audit Log feature. When the feature is completed, it will be capable of logging information in its internal logs about two types of events:

    • Changes made to ControlUp’s configuration settings, such as creating a new user or adding a new hypervisor
    • Remote operations performed on managed assets through ControlUp, such as rebooting a VM or killing a process on a managed computer

    In its first phase of development, the ControlUp Audit Log feature can only record information about service operations initiated by ControlUp, and only SysLog and local-disk log storage are supported.

    The Audit Log feature is optional, and by default is not activated. If IT staff want to use it, they must turn it on and configure it, as explained below.

    Where Are the Audit Logs Stored?

    When the Audit Log feature is activated, it can save log data in up to three distinct data stores:

    • ControlUp cloud: The Insights database on the ControlUp server (mandatory, when supported)

    NOTE: This functionality is not yet available. However, once it is available, it will be activated automatically whenever the Audit Log feature is turned on, and it will not be possible to opt out of it.

    • SysLog: A SysLog server within the organization’s network (optional)
    • Local disk: A CSV file stored locally on the Console or Monitor machine from which ControlUp’s actions were initiated (optional)

    What Data Is Included in the Audit Logs?

    At present, only service operations (start service, stop service, restart service, edit service properties, etc.) are logged by the Audit Log system. In the future, all ControlUp actions – both changes within ControlUp and changes to resources managed by ControlUp – will be logged.

    For each entry in the audit logs, the following information is stored: 




    Date and time when the event was initiated.


    The source of the event (Web client, Console, PowerShell, automated action, Insights, etc).


    The status of the event (initiated, completed, aborted, error, etc).

    Requesting Computer

    The hostname or IP address of the computer from which the event was initiated

    Requesting User 

    The user account of the user who initiated the event


    The user account that was used to execute the command.

    Note: If this is the same as the Requesting User, this field is left blank.


    The type of action that was performed (kill process, add computer, etc).


    Supplementary information that is specific to the command.

    Object Type

    The type of the target object (process, session, computer, host, netscaler, organization, folder, datastore, vDisk, etc).

    Object Name

    The name of the target object (computer hostname, hostname, Netscaler name, organization name, username, etc).

    Target Type

    The type of object on which the command was executed.

    Target Name

    The name of the object on which the command was executed (computer hostname, hypervisor name, Netscaler name, organization name, username, etc).


    The output of the operation.

    Data Snapshot

    All metrics of the target object at the moment of the event

    All metrics of all target object predecessors (parent objects) at the moment of the event

    All metrics of all target object successors (child objects) at the moment of the event

    For each metric, at the moment of the vent, we save Current value + Average in history + Max in history

    Executing computer

    The computer where the operation was executed (CU Console / CU Monitor / CU Agent).


    Modes of Operation

    The Audit Log feature supports two alternative modes of operation:

    • Regular mode (default): Each operation is logged in a single entry when it is executed.
    • Enforced mode: Operations cannot be executed until they are logged. No operations can be executed until acknowledgement is received from the relevant data stores that the entry was successfully recorded.

    NOTE: The SysLog system does not support the sending of acknowledgments. Because of this, even when Enforced mode is selected, and the SysLog option is also activated, ControlUp does not require an acknowledgment from the SysLog before allowing an operation to be executed. In ControlUp v.7.2, since the cloud data store is not yet functional, this means that Enforced mode has no effect unless the Local Disk storage option (see Where Are the Audit Logs Stored?) is activated.

    In Enforced mode, if the system fails to open an audit-log entry for an operation after three attempts, the operation is canceled, and an error message is returned.

    Configuring and Activating the Audit Log Feature

    The Audit Log feature can be configured and activated in the ControlUp Console settings.

    To configure and activate the Audit Log feature:

    1. In the ControlUp Management Console, under Settings, select the Audit Log button. AuditLog1.jpg The Audit Log settings open.


    Audit Log settings


    2. Configure the settings as follows:



    Enable Audit Logging

    Select this option to activate the Audit Log system.

    Note: In the future, selecting this option will automatically activate the cloud audit log. Currently, since the cloud log is not yet functional, if you want a log to be created, you must also select Save to local disk and/or Send to SysLog server.

    Fail action if auditing fails

    Select this option to turn on Enforced mode, which prevents actions from being performed if they are not successfully logged first (see Modes of Operation).

    Save to local disk

    Select this option to save a local audit log on each ControlUp Console or Monitor machine. Each log will save information about the ControlUp actions that were initiated from that machine.

    Send to Syslog server

    Select this option to save a central audit log to a Syslog server in the organization.

    After you select this option, fill in the following fields:

    · IP/hostname: Enter the IP address or hostname of the SysLog server.

    · Port: Enter the port to use to connect to the Syslog server.

    · Protocol: Select the protocol to use to connect to the SysLog server – UDP or TCP.

     3. Select OK (or Apply). The Audit Log feature is activated with the settings you specified.

    Viewing the Logs

    Each of the three logs is accessed in a different way:

    • ControlUp cloud: Once support for the cloud data-store is implemented, it will be possible to view a report in the ControlUp Insights portal. Data will be retained in this log for a period of a year after it was first recorded.
    • SysLog: The contents of the SysLog data store can be viewed using any standard Syslog reader (e.g., Splunk).
    • Local disk: Local audit logs are stored in the form of up to ten rotating files, named CSV, CUAudit1.csv, CUAudit2.csv, … CUAudit9.csv, each of which contains a maximum of 50 MB of data. The CUAudit.csv file contains the newest data; the higher the numbers in the names of the other files, the older the data those files contain. When all of the files are full, the oldest one is deleted, and the numbers in the names of all the others are incremented by one.
      The audit-log files are stored in the folder in which the Console or Monitor executable itself (ControlUpConsole.exe or cuMonitor.exe) is stored (e.g. C:\Program Files\Smart-X\ControlUpMonitor\Version for the Monitor). The files can be opened using any application that can handle CSV files (e.g., MS Excel).


    Audit Log stored locally in a CSV file opened in MS Excel

  • Advanced Monitor Settings

    This tab of the Settings Window defines performance management options that may help conserve system resources on the computer running the console. This can be achieved by configuring the following settings:

    Regulating the rate of performance updates

    ControlUp can be configured to pull performance updates from the managed computers instead of receiving push updates. This enables a degree of control over the number of updates received by the console, thus decreasing the amount of CPU cycles and RAM required in order to process updates.

    Note: It is recommended that you contact ControlUp Support before changing this setting. Our support engineers will suggest recommended values for the data collection parameters after assessing the size of your environment and the available resources.

    Disabling process views

    The Processes view is the most densely populated view in ControlUp, which may contain millions of records in large organizations. This setting enables you to disable updates for processes, which dramatically decreases the number of records which the console is required to process.

    Disable views that depend on process-level information

    When this option is enabled, the Processes view will be disabled, which means that you will not be able to see all processes in your organization in a single flat list. The Accounts and Applications views will no longer include rows that represent groups of processes. You will still be able to drill down into the process level of a selected computer or session. ControlUp Monitor will continue gathering process-level information for alerting and activity recording.