Display Filter Reference: Event Tracing for Windows
Protocol field name: etw
Versions: 3.6.0 to 4.0.8
Back to Display Filter Reference
| Field name | Description | Type | Versions |
|---|---|---|---|
| etw | Activity ID | Globally Unique Identifier | 3.6.0 to 4.0.8 |
| etw | Alignment | Unsigned integer (8 bits) | 3.6.0 to 4.0.8 |
| etw | ID | Unsigned integer (16 bits) | 3.6.0 to 4.0.8 |
| etw | Processor Number | Unsigned integer (8 bits) | 3.6.0 to 4.0.8 |
| etw | Channel | Unsigned integer (8 bits) | 3.6.0 to 4.0.8 |
| etw | ID | Unsigned integer (16 bits) | 3.6.0 to 4.0.8 |
| etw | Keywords | Unsigned integer (64 bits) | 3.6.0 to 4.0.8 |
| etw | Level | Unsigned integer (8 bits) | 3.6.0 to 4.0.8 |
| etw | Opcode | Unsigned integer (8 bits) | 3.6.0 to 4.0.8 |
| etw | Task | Unsigned integer (16 bits) | 3.6.0 to 4.0.8 |
| etw | Version | Unsigned integer (8 bits) | 3.6.0 to 4.0.8 |
| etw | Event Property | Unsigned integer (16 bits) | 3.6.0 to 4.0.8 |
| etw | Flags | Unsigned integer (16 bits) | 3.6.0 to 4.0.8 |
| etw | Header Type | Unsigned integer (16 bits) | 3.6.0 to 4.0.8 |
| etw | Event Message | Character string | 3.6.0 to 4.0.8 |
| etw | Message Length | Unsigned integer (32 bits) | 3.6.0 to 4.0.8 |
| etw | Process ID | Unsigned integer (32 bits) | 3.6.0 to 4.0.8 |
| etw | Processor Time | Unsigned integer (64 bits) | 3.6.0 to 4.0.8 |
| etw | Provider ID | Globally Unique Identifier | 3.6.0 to 4.0.8 |
| etw | Provider Name | Character string | 3.6.0 to 4.0.8 |
| etw | Provider Name Length | Unsigned integer (32 bits) | 3.6.0 to 4.0.8 |
| etw | Size | Unsigned integer (16 bits) | 3.6.0 to 4.0.8 |
| etw | Thread ID | Unsigned integer (32 bits) | 3.6.0 to 4.0.8 |
| etw | Time Stamp | Unsigned integer (64 bits) | 3.6.0 to 4.0.8 |
| etw | User Data Length | Unsigned integer (32 bits) | 3.6.0 to 4.0.8 |