Live Sessions

Three-Tab Diagnostic Modal

Live Sessions provide real-time, interactive diagnostics with a single agent. Click Live Session on any online agent to open the modal, which automatically starts ETW collection and establishes an SSE (Server-Sent Events) connection.

Query Tab

Natural language chat interface for AI-powered diagnostics:

  • Type questions in the input box and press Enter to send (Shift+Enter for new line)
  • The agent collects ETW events, runs local correlation (filtering out PII and proprietary data), builds a structured prompt, and sends it to Cloud AI
  • Responses include diagnostic findings, root cause analysis, and actionable recommendations
  • Conversation history supports up to 10 turns of context
  • Each question consumes 1 query from your organization pool

Shell Tab

Remote command-line interface for direct execution on the agent:

  • Shell Type Toggle: Switch between PowerShell and CMD via dropdown
  • Press Enter to execute; ↑/↓ arrow keys for command history
  • Saved Scripts: Dropdown of pre-saved scripts with one-click execution. Script Manager to create, edit, delete.
  • Terminal-style output with exit codes, stdout, and stderr
  • Limits: 5-minute timeout per command, max 3 concurrent commands
  • Runs under: Agent service account (Local System for managed agents)

Files Tab

Bidirectional file transfers between your browser and the agent:

  • Push File: Upload from browser with a destination path on the agent
  • Pull File: Download from agent by specifying a source path
  • Transferred in 1 MB chunks with MD5 verification
  • Real-time progress bars with percentage and byte count
  • Completed pulls show a Download button
  • Limits: Max 2 concurrent transfers; status refreshes every 5 seconds

Session Lifecycle

Starting

  1. Click Live Session on an online agent
  2. ETW collection initiates on the agent
  3. SSE connection establishes with QueryResponse, QueryFailed, and SessionEnded event handlers
  4. Three-tab modal opens — ready for queries

Ending

  1. Click End Session
  2. ETW collection stops on the agent
  3. SSE stream closes; agent returns to previous mode

Only one live session per agent at a time. Session history is not retained after closing.

Effective Query Tips

  • Be Specific: “Why can't user John access \\server\share?” beats “Why doesn't this work?”
  • Include Context: Mention app names, file paths, service names, user accounts
  • Start Broad, Then Narrow: Overview first, then drill down
  • One Issue at a Time: Focus on a single problem for best correlation
  • Processing Time: Most queries return in 3–10 seconds