Display Filter Reference: Event Tracing for Windows
Protocol field name: etw
Versions: 3.6.0
Back to Display Filter Reference
| Field name | Description | Type | Versions |
|---|---|---|---|
| etw.activity_id | Activity ID | Globally Unique Identifier | 3.6.0 |
| etw.buffer_context.alignment | Alignment | Unsigned integer, 1 byte | 3.6.0 |
| etw.buffer_context.logger_id | ID | Unsigned integer, 2 bytes | 3.6.0 |
| etw.buffer_context.processor_number | Processor Number | Unsigned integer, 1 byte | 3.6.0 |
| etw.descriptor.channel | Channel | Unsigned integer, 1 byte | 3.6.0 |
| etw.descriptor.id | ID | Unsigned integer, 2 bytes | 3.6.0 |
| etw.descriptor.keywords | Keywords | Unsigned integer, 8 bytes | 3.6.0 |
| etw.descriptor.level | Level | Unsigned integer, 1 byte | 3.6.0 |
| etw.descriptor.opcode | Opcode | Unsigned integer, 1 byte | 3.6.0 |
| etw.descriptor.task | Task | Unsigned integer, 2 bytes | 3.6.0 |
| etw.descriptor.version | Version | Unsigned integer, 1 byte | 3.6.0 |
| etw.event_property | Event Property | Unsigned integer, 2 bytes | 3.6.0 |
| etw.flags | Flags | Unsigned integer, 2 bytes | 3.6.0 |
| etw.header_type | Header Type | Unsigned integer, 2 bytes | 3.6.0 |
| etw.message | Event Message | Character string | 3.6.0 |
| etw.message_length | Message Length | Unsigned integer, 4 bytes | 3.6.0 |
| etw.process_id | Process ID | Unsigned integer, 4 bytes | 3.6.0 |
| etw.processor_time | Processor Time | Unsigned integer, 8 bytes | 3.6.0 |
| etw.provider_id | Provider ID | Globally Unique Identifier | 3.6.0 |
| etw.provider_name | Provider Name | Character string | 3.6.0 |
| etw.provider_name_length | Provider Name Length | Unsigned integer, 4 bytes | 3.6.0 |
| etw.size | Size | Unsigned integer, 2 bytes | 3.6.0 |
| etw.thread_id | Thread ID | Unsigned integer, 4 bytes | 3.6.0 |
| etw.time_stamp | Time Stamp | Unsigned integer, 8 bytes | 3.6.0 |
| etw.user_data_length | User Data Length | Unsigned integer, 4 bytes | 3.6.0 |