如何强制 PerfView 收集仅来自一个进程的 ETW 事件
How to force PerfView to collect ETW events coming only from one process
我知道有一个 /Process:NameOrPID 开关,但它只影响 /StopXXX 命令。从所有进程收集 ETW 事件会产生大的 *.ETL 文件。我试图只从一个进程中捕获 ETW 事件,以避免用不相关的 ETW 事件污染输出文件。
更新于 2019-04-14。
现在有办法做到这一点。请使用 PerfView 2.0.32 中可用的 /focusProcess=ProcessIDOrName 选项(也可从 2.0.39 开始的 UI 中使用)。
如果您知道从进程中发出事件的 ETW 提供程序的名称,您可以在“其他提供程序”文本框中或在 perfview 的 -Providers 或 -OnlyProviders 命令行参数中指定提供程序时过滤进程。
来自 PerfView 的文档:
The Additional Providers TextBox - A comma separated list of specifications for providers. This can be specified by using the (the ... button) or by the following textual specification. Each provider specification has the general form of provider:keywords:level:values. The keyword and levels specification parts are optional and can be omitted (For example provider:keywords:values or provider:values is legal).
进程过滤器出现在值部分。文档中的相关部分:
values - this is a list of semicolon-separated values KEY=VALUE, which are used to pass extra information to the provider or to the ETW system. KEY values that begin with an @ are commands to the ETW system. Everything else is passed on the the provider (EventSources have direct support for accepting this information in its OnEventCommand method). The special ETW keywords include
- @ProcessIDFilter - a space separated list of decimal process IDs to collect data from. Only events from these processes (or those named in the @ProcessNameFilter) will be collected. Since IDs only exist after a process is created, this only works on processes that are running at the time collection starts.
- @ProcessNameFilter - a space separated list of process names (a process name is the file name (no path) of the executable INCLUDING the .EXE extension). Only events from the names processes (or those named in the @ProcessIDFilter) will be collected. It does not matter if the process was running before collection or not.
因此,如果我在名为 my.process.exe[=27 的进程中有一个名为 my-provider 运行ning 的 ETW 提供程序=],我可以 运行 在命令行针对进程进行 perfview 跟踪,如下所示:
perfview collect -OnlyProviders:"*my-provider:@ProcessNameFilter=my.process.exe"
您仍会获得一些 perfview 事件,但除此之外您的事件日志应该是干净的。
我知道有一个 /Process:NameOrPID 开关,但它只影响 /StopXXX 命令。从所有进程收集 ETW 事件会产生大的 *.ETL 文件。我试图只从一个进程中捕获 ETW 事件,以避免用不相关的 ETW 事件污染输出文件。
更新于 2019-04-14。
现在有办法做到这一点。请使用 PerfView 2.0.32 中可用的 /focusProcess=ProcessIDOrName 选项(也可从 2.0.39 开始的 UI 中使用)。
如果您知道从进程中发出事件的 ETW 提供程序的名称,您可以在“其他提供程序”文本框中或在 perfview 的 -Providers 或 -OnlyProviders 命令行参数中指定提供程序时过滤进程。
来自 PerfView 的文档:
The Additional Providers TextBox - A comma separated list of specifications for providers. This can be specified by using the (the ... button) or by the following textual specification. Each provider specification has the general form of provider:keywords:level:values. The keyword and levels specification parts are optional and can be omitted (For example provider:keywords:values or provider:values is legal).
进程过滤器出现在值部分。文档中的相关部分:
values - this is a list of semicolon-separated values KEY=VALUE, which are used to pass extra information to the provider or to the ETW system. KEY values that begin with an @ are commands to the ETW system. Everything else is passed on the the provider (EventSources have direct support for accepting this information in its OnEventCommand method). The special ETW keywords include
- @ProcessIDFilter - a space separated list of decimal process IDs to collect data from. Only events from these processes (or those named in the @ProcessNameFilter) will be collected. Since IDs only exist after a process is created, this only works on processes that are running at the time collection starts.
- @ProcessNameFilter - a space separated list of process names (a process name is the file name (no path) of the executable INCLUDING the .EXE extension). Only events from the names processes (or those named in the @ProcessIDFilter) will be collected. It does not matter if the process was running before collection or not.
因此,如果我在名为 my.process.exe[=27 的进程中有一个名为 my-provider 运行ning 的 ETW 提供程序=],我可以 运行 在命令行针对进程进行 perfview 跟踪,如下所示:
perfview collect -OnlyProviders:"*my-provider:@ProcessNameFilter=my.process.exe"
您仍会获得一些 perfview 事件,但除此之外您的事件日志应该是干净的。