WPA看不到ETW事件数据,tracerpt看到 [英] WPA does not see ETW event data, tracerpt does
问题描述
I am capturing ADO.Net diagnostics ETW, as described in Data Access Tracing in SQL Server 2008. The setup works, an ETL file is produced and I can see the ADO.Net trace if I use, say, tracerpt:
System.Data, TextA, 0, 0, 0, 0, 17, 0, 0x0000000000000000, 0x000007D0, 0x00003A64, 1, , , {00000000-0000-0000-0000-000000000000}, , 131485096603462277, 450, 2400, 2, "enter_01 <prov.DbConnectionHelper.CreateDbCommand|API> 1# "
System.Data, TextA, 0, 0, 0, 0, 17, 0, 0x0000000000000000, 0x000007D0, 0x00003A64, 1, , , {00000000-0000-0000-0000-000000000000}, , 131485096603469806, 450, 2400, 2, "<sc.SqlCommand.set_Connection|API> 1#, 1# "
System.Data, TextA, 0, 0, 0, 0, 17, 0, 0x0000000000000000, 0x000007D0, 0x00003A64, 1, , , {00000000-0000-0000-0000-000000000000}, , 131485096603469816, 450, 2400, 2, "leave_01 "
System.Data, TextA, 0, 0, 0, 0, 17, 0, 0x0000000000000000, 0x000007D0, 0x00003A64, 1, , , {00000000-0000-0000-0000-000000000000}, , 131485096603471294, 450, 2400, 2, "<sc.SqlCommand.set_CommandText|API> 1#, '"
System.Data, TextA, 0, 0, 0, 0, 17, 0, 0x0000000000000000, 0x000007D0, 0x00003A64, 1, , , {00000000-0000-0000-0000-000000000000}, , 131485096603474160, 450, 2400, 2, "select cast(serverproperty('EngineEdition') as int)"
System.Data, TextA, 0, 0, 0, 0, 17, 0, 0x0000000000000000, 0x000007D0, 0x00003A64, 1, , , {00000000-0000-0000-0000-000000000000}, , 131485096603474174, 450, 2400, 2, "' "
System.Data, TextA, 0, 0, 0, 0, 17, 0, 0x0000000000000000, 0x000007D0, 0x00003A64, 1, , , {00000000-0000-0000-0000-000000000000}, , 131485096603523068, 450, 2400, 2, "<sc.SqlCommand.ExecuteReader|INFO> 1#, Command executed as SQLBATCH. "
但是,如果我将相同的ETL加载到 WPA 我认为捕获的事件没有任何用处.来自此提供程序的所有事件都显示Event Name <Unknown>,Event Type Classic,并且没有有关实际ADO.Net事件信息的信息(即tracerpt CSV输出中最右边的列):
But if I load the same ETL into WPA I see nothing useful about the events captured. All events from this provider display Event Name <Unknown>, Event Type Classic and no info about the actual ADO.Net event info (ie. the rightmost column in the tracerpt CSV output):
Line #, Provider Name, Task Name, Type (Opcode/Type ), Opcode Name, Id, Process, Annotation, Event Name, Event Type, Message, Cpu, ThreadId, Message, UserDataLength, Time (s)
1, 914abde3-171e-c600-3348-c514171de148, <Unknown>, 17, , 0, Unknown, <Not Annotated>, <Unknown>, Classic, , 3, 14056, , 0, 22.877068496
2, 914abde3-171e-c600-3348-c514171de148, <Unknown>, 17, , 0, Unknown, <Not Annotated>, <Unknown>, Classic, , 0, 14056, , 0, 22.877265256
3, 914abde3-171e-c600-3348-c514171de148, <Unknown>, 17, , 0, Unknown, <Not Annotated>, <Unknown>, Classic, , 0, 14056, , 0, 22.877275482
4, 914abde3-171e-c600-3348-c514171de148, <Unknown>, 17, , 0, Unknown, <Not Annotated>, <Unknown>, Classic, , 0, 14056, , 0, 22.877276892
5, 914abde3-171e-c600-3348-c514171de148, <Unknown>, 17, , 0, Unknown, <Not Annotated>, <Unknown>, Classic, , 0, 14056, , 0, 22.877299460
6, 914abde3-171e-c600-3348-c514171de148, <Unknown>, 17, , 0, Unknown, <Not Annotated>, <Unknown>, Classic, , 0, 14056, , 0, 22.877301223
7, 914abde3-171e-c600-3348-c514171de148, <Unknown>, 17, , 0, Unknown, <Not Annotated>, <Unknown>, Classic, , 1, 13276, , 0, 23.061972110
8, 914abde3-171e-c600-3348-c514171de148, <Unknown>, 17, , 0, Unknown, <Not Annotated>, <Unknown>, Classic, , 1, 13276, , 0, 23.061975636
9, 914abde3-171e-c600-3348-c514171de148, <Unknown>, 17, , 0, Unknown, <Not Annotated>, <Unknown>, Classic, , 1, 13276, , 0, 23.062004550
10, 914abde3-171e-c600-3348-c514171de148, <Unknown>, 17, , 0, Unknown, <Not Annotated>, <Unknown>, Classic, , 1, 13276, , 0, 23.063588859
11, 914abde3-171e-c600-3348-c514171de148, <Unknown>, 17, , 0, Unknown, <Not Annotated>, <Unknown>, Classic, , 1, 13276, , 0, 23.063617421
既然我可以在WPA中分析所有捕获的其他数据,我想知道ADO.Net诊断提供程序有什么不同之处,即事件对WPA如此不透明?
Since all other data I capture I can analyze in WPA, I wonder what is different about the ADO.Net diag provider that the events are so opaque to WPA?
推荐答案
Windows Performance Analyzer从注册表读取清单数据以解码事件.如果WPA无法获取数据,则仅对提供程序显示GUID,对任务名称和事件名称显示<Unknown>.那些托管对象格式WPA(经典,旧版提供程序)不支持通过ADO跟踪创建(MOF)文件,但是tracerpt.exe确实支持该文件.
Windows Performance Analyzer reads the manifest data from registry to decode the events. If WPA fails to get the data it shows only the GUID for provider and <Unknown> for Taskname and Eventname. Those Managed Object Format (MOF) files which ares by ADO tracing are not supported by WPA (classic, legacy provider), but it looks like tracerpt.exe does support it.
对于仅用于查找事件的ETL文件的原始分析,我建议 Perfview .
For raw analysis of ETL files to only look for Events, I suggest Perfview.
它有自己的解析器来获取解码事件:
It has its own parsers to get decode Events:
<Event MSec= "26176,0393" PID="11304" PName="foo" TID="8336" EventName="AdoNetDiag/TextW"
TimeStamp="09.02.17 16:47:39.338496" ID="Illegal" Version="0" Keywords="0x00000000" TimeStampQPC="1.241.241.278.025"
Level="Always" ProviderName="Bid2Etw_ADONETDIAG_ETW" ProviderGuid="7acdcac8-8947-f88a-e51a-24018f5129ef" ClassicProvider="True"
Opcode="18" TaskGuid="7acdcac9-8947-f88a-e51a-24018f5129ef" Channel="0" PointerSize="4"
CPU="1" EventIndex="1328680" TemplateType="DynamicTraceEventData">
<PrettyPrint>
<Event MSec= "26176,0393" PID="11304" PName="foo" TID="8336" EventName="AdoNetDiag/TextW" ProviderName="Bid2Etw_ADONETDIAG_ETW" ModID="0" msgStr="01:CONNECTED [526D0000]C:\Windows\Microsoft.Net\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll "System.Data.SNI.1" {C9996FA5-C06F-F20C-8A20-69B3BA392315}
"/>
</PrettyPrint>
因此,使用WPA对事件进行CPU,磁盘,文件io和Perfview的性能分析.
So use WPA for performance analysis of CPU, disk, file io and Perfview for the events.
这篇关于WPA看不到ETW事件数据,tracerpt看到的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
