Display Filter Reference: Event Tracing for Windows

Protocol field name: etw

Versions: 3.6.0 to 4.4.1

| Field name | Description | Type | Versions |
|---|---|---|---|
| etw.activity_id | Activity ID | Globally Unique Identifier | 3.6.0 to 4.4.1 |
| etw.buffer_context.alignment | Alignment | Unsigned integer (8 bits) | 3.6.0 to 4.4.1 |
| etw.buffer_context.logger_id | ID | Unsigned integer (16 bits) | 3.6.0 to 4.4.1 |
| etw.buffer_context.processor_number | Processor Number | Unsigned integer (8 bits) | 3.6.0 to 4.4.1 |
| etw.descriptor.channel | Channel | Unsigned integer (8 bits) | 3.6.0 to 4.4.1 |
| etw.descriptor.id | ID | Unsigned integer (16 bits) | 3.6.0 to 4.4.1 |
| etw.descriptor.keywords | Keywords | Unsigned integer (64 bits) | 3.6.0 to 4.4.1 |
| etw.descriptor.level | Level | Unsigned integer (8 bits) | 3.6.0 to 4.4.1 |
| etw.descriptor.opcode | Opcode | Unsigned integer (8 bits) | 3.6.0 to 4.4.1 |
| etw.descriptor.task | Task | Unsigned integer (16 bits) | 3.6.0 to 4.4.1 |
| etw.descriptor.version | Version | Unsigned integer (8 bits) | 3.6.0 to 4.4.1 |
| etw.event_property | Event Property | Unsigned integer (16 bits) | 3.6.0 to 4.4.1 |
| etw.flags | Flags | Unsigned integer (16 bits) | 3.6.0 to 4.4.1 |
| etw.header.flag.32_bit_header | 32-bit Header | Unsigned integer (32 bits) | 4.4.0 to 4.4.1 |
| etw.header.flag.64_bit_header | 64-bit Header | Unsigned integer (32 bits) | 4.4.0 to 4.4.1 |
| etw.header.flag.classic_header | Classic Header | Unsigned integer (32 bits) | 4.4.0 to 4.4.1 |
| etw.header.flag.decode_guid | Decode GUID | Unsigned integer (32 bits) | 4.4.0 to 4.4.1 |
| etw.header.flag.extended_info | Extended Info | Unsigned integer (32 bits) | 4.4.0 to 4.4.1 |
| etw.header.flag.no_cputime | No CPU time | Unsigned integer (32 bits) | 4.4.0 to 4.4.1 |
| etw.header.flag.private_session | Private Session | Unsigned integer (32 bits) | 4.4.0 to 4.4.1 |
| etw.header.flag.processor_index | Processor Index | Unsigned integer (32 bits) | 4.4.0 to 4.4.1 |
| etw.header.flag.string_only | String Only | Unsigned integer (32 bits) | 4.4.0 to 4.4.1 |
| etw.header.flag.trace_message | Trace Message | Unsigned integer (32 bits) | 4.4.0 to 4.4.1 |
| etw.header_type | Header Type | Unsigned integer (16 bits) | 3.6.0 to 4.4.1 |
| etw.message | Event Message | Character string | 3.6.0 to 4.4.1 |
| etw.message_length | Message Length | Unsigned integer (32 bits) | 3.6.0 to 4.4.1 |
| etw.process_id | Process ID | Unsigned integer (32 bits) | 3.6.0 to 4.4.1 |
| etw.processor_time | Processor Time | Unsigned integer (64 bits) | 3.6.0 to 4.4.1 |
| etw.property.forwarded_xml | Forwarded XML | Unsigned integer (32 bits) | 4.4.0 to 4.4.1 |
| etw.property.legacy_event | Legacy Event Log | Unsigned integer (32 bits) | 4.4.0 to 4.4.1 |
| etw.property.legacy_reloggable | Legacy Reloggable | Unsigned integer (32 bits) | 4.4.0 to 4.4.1 |
| etw.property.xml | XML | Unsigned integer (32 bits) | 4.4.0 to 4.4.1 |
| etw.provider_id | Provider ID | Globally Unique Identifier | 3.6.0 to 4.4.1 |
| etw.provider_name | Provider Name | Character string | 3.6.0 to 4.4.1 |
| etw.provider_name_length | Provider Name Length | Unsigned integer (32 bits) | 3.6.0 to 4.4.1 |
| etw.size | Size | Unsigned integer (16 bits) | 3.6.0 to 4.4.1 |
| etw.thread_id | Thread ID | Unsigned integer (32 bits) | 3.6.0 to 4.4.1 |
| etw.time_stamp | Time Stamp | Unsigned integer (64 bits) | 3.6.0 to 4.4.1 |
| etw.user_data_length | User Data Length | Unsigned integer (32 bits) | 3.6.0 to 4.4.1 |