On my previous post I’ve shown how to consume ETW data using Data collector sets. What we’ve done there was setting the grounds for heaving a .etl file with the data we are going to read.
Let’s have another look at part of the code from Yaniv’s post
descriptor = new EventDescriptor(
0x7d1, 0x1, 0x10, 0x0, 0x0, 0x0, (long)0x8000000000000000
Console.WriteLine("Please enter the number of events to be written and
var returns = int.Parse(Console.ReadLine());
for (int i = 0; i < returns; i++)
// we pass the event descriptor by ref and the counter
// as our payload. Please note that the payload is passed
// as params object so we can enjoy some good ol' boxing
provider.WriteEvent(ref descriptor, i);
This is the code section that write the events to our data collector (i.e our .etl file). Let’s see
first how will our .etl file look:
All we need to do is simply double click the file or open it with
Windows Performance analyzer (XperfView) .
The screen will look like that:
The red points collection (which looks like line from here) are the events written to
the .etl file. We can, for our own convenience, select part of the chart and press
“Zoom to selection” as shown below:
After doing so we will see the chart as a collection of points, and now we can have a look at
a single point and understand what an event actually is.
At the tooltip we can see the provider GUID (as being set in Yaniv’s post) along with the
data set in the event descriptor’s (the parameters at it’s contructor).
At the callback (bottom line) we can see number “4” which is the index
sent by our code to the WriteEvent method.
In this post we’ve seen an etl file visualization with XperfView. The file is the data collected
by operating our Data Collectors Set as shown at my previous post . Next I’ll discuss some
more features of XperfView.