WPA does not see ETW event data, tracerpt does

1.3k views Asked by At

I am capturing ADO.Net diagnostics ETW, as described in Data Access Tracing in SQL Server 2008. The setup works, an ETL file is produced and I can see the ADO.Net trace if I use, say, tracerpt:

 System.Data,      TextA,            0,          0,          0,          0,         17,          0, 0x0000000000000000, 0x000007D0, 0x00003A64,                    1,             ,                     ,   {00000000-0000-0000-0000-000000000000},                                         ,   131485096603462277,        450,       2400,        2, "enter_01 <prov.DbConnectionHelper.CreateDbCommand|API> 1# "
 System.Data,      TextA,            0,          0,          0,          0,         17,          0, 0x0000000000000000, 0x000007D0, 0x00003A64,                    1,             ,                     ,   {00000000-0000-0000-0000-000000000000},                                         ,   131485096603469806,        450,       2400,        2, "<sc.SqlCommand.set_Connection|API> 1#, 1# "
 System.Data,      TextA,            0,          0,          0,          0,         17,          0, 0x0000000000000000, 0x000007D0, 0x00003A64,                    1,             ,                     ,   {00000000-0000-0000-0000-000000000000},                                         ,   131485096603469816,        450,       2400,        2, "leave_01 "
 System.Data,      TextA,            0,          0,          0,          0,         17,          0, 0x0000000000000000, 0x000007D0, 0x00003A64,                    1,             ,                     ,   {00000000-0000-0000-0000-000000000000},                                         ,   131485096603471294,        450,       2400,        2, "<sc.SqlCommand.set_CommandText|API> 1#, '"
 System.Data,      TextA,            0,          0,          0,          0,         17,          0, 0x0000000000000000, 0x000007D0, 0x00003A64,                    1,             ,                     ,   {00000000-0000-0000-0000-000000000000},                                         ,   131485096603474160,        450,       2400,        2, "select cast(serverproperty('EngineEdition') as int)"
 System.Data,      TextA,            0,          0,          0,          0,         17,          0, 0x0000000000000000, 0x000007D0, 0x00003A64,                    1,             ,                     ,   {00000000-0000-0000-0000-000000000000},                                         ,   131485096603474174,        450,       2400,        2, "' "
 System.Data,      TextA,            0,          0,          0,          0,         17,          0, 0x0000000000000000, 0x000007D0, 0x00003A64,                    1,             ,                     ,   {00000000-0000-0000-0000-000000000000},                                         ,   131485096603523068,        450,       2400,        2, "<sc.SqlCommand.ExecuteReader|INFO> 1#, Command executed as SQLBATCH. "

But if I load the same ETL into WPA I see nothing useful about the events captured. All events from this provider display Event Name <Unknown>, Event Type Classic and no info about the actual ADO.Net event info (ie. the rightmost column in the tracerpt CSV output):

Line #, Provider Name, Task Name, Type (Opcode/Type ), Opcode Name, Id, Process, Annotation, Event Name, Event Type, Message, Cpu, ThreadId, Message, UserDataLength, Time (s)
1, 914abde3-171e-c600-3348-c514171de148, <Unknown>, 17, , 0, Unknown, <Not Annotated>, <Unknown>, Classic, , 3, 14056, , 0, 22.877068496
2, 914abde3-171e-c600-3348-c514171de148, <Unknown>, 17, , 0, Unknown, <Not Annotated>, <Unknown>, Classic, , 0, 14056, , 0, 22.877265256
3, 914abde3-171e-c600-3348-c514171de148, <Unknown>, 17, , 0, Unknown, <Not Annotated>, <Unknown>, Classic, , 0, 14056, , 0, 22.877275482
4, 914abde3-171e-c600-3348-c514171de148, <Unknown>, 17, , 0, Unknown, <Not Annotated>, <Unknown>, Classic, , 0, 14056, , 0, 22.877276892
5, 914abde3-171e-c600-3348-c514171de148, <Unknown>, 17, , 0, Unknown, <Not Annotated>, <Unknown>, Classic, , 0, 14056, , 0, 22.877299460
6, 914abde3-171e-c600-3348-c514171de148, <Unknown>, 17, , 0, Unknown, <Not Annotated>, <Unknown>, Classic, , 0, 14056, , 0, 22.877301223
7, 914abde3-171e-c600-3348-c514171de148, <Unknown>, 17, , 0, Unknown, <Not Annotated>, <Unknown>, Classic, , 1, 13276, , 0, 23.061972110
8, 914abde3-171e-c600-3348-c514171de148, <Unknown>, 17, , 0, Unknown, <Not Annotated>, <Unknown>, Classic, , 1, 13276, , 0, 23.061975636
9, 914abde3-171e-c600-3348-c514171de148, <Unknown>, 17, , 0, Unknown, <Not Annotated>, <Unknown>, Classic, , 1, 13276, , 0, 23.062004550
10, 914abde3-171e-c600-3348-c514171de148, <Unknown>, 17, , 0, Unknown, <Not Annotated>, <Unknown>, Classic, , 1, 13276, , 0, 23.063588859
11, 914abde3-171e-c600-3348-c514171de148, <Unknown>, 17, , 0, Unknown, <Not Annotated>, <Unknown>, Classic, , 1, 13276, , 0, 23.063617421

Since all other data I capture I can analyze in WPA, I wonder what is different about the ADO.Net diag provider that the events are so opaque to WPA?

1

There are 1 answers

0
magicandre1981 On BEST ANSWER

Windows Performance Analyzer reads the manifest data from registry to decode the events. If WPA fails to get the data it shows only the GUID for provider and <Unknown> for Taskname and Eventname. Those Managed Object Format (MOF) files which ares by ADO tracing are not supported by WPA (classic, legacy provider), but it looks like tracerpt.exe does support it.

For raw analysis of ETL files to only look for Events, I suggest Perfview.

It has its own parsers to get decode Events:

enter image description here

<Event MSec= "26176,0393" PID="11304" PName="foo" TID="8336" EventName="AdoNetDiag/TextW"
  TimeStamp="09.02.17 16:47:39.338496" ID="Illegal" Version="0" Keywords="0x00000000" TimeStampQPC="1.241.241.278.025"
  Level="Always" ProviderName="Bid2Etw_ADONETDIAG_ETW" ProviderGuid="7acdcac8-8947-f88a-e51a-24018f5129ef" ClassicProvider="True"
  Opcode="18" TaskGuid="7acdcac9-8947-f88a-e51a-24018f5129ef" Channel="0" PointerSize="4"
  CPU="1" EventIndex="1328680" TemplateType="DynamicTraceEventData">
  <PrettyPrint>
    <Event MSec= "26176,0393" PID="11304" PName="foo" TID="8336" EventName="AdoNetDiag/TextW" ProviderName="Bid2Etw_ADONETDIAG_ETW" ModID="0" msgStr="01:CONNECTED [526D0000]C:\Windows\Microsoft.Net\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll  &quot;System.Data.SNI.1&quot; {C9996FA5-C06F-F20C-8A20-69B3BA392315}
    "/>
  </PrettyPrint>

So use WPA for performance analysis of CPU, disk, file io and Perfview for the events.