sql-server - WPA 看不到 ETW 事件数据，而 tracerpt 可以

Question

我正在捕获 ADO.Net 诊断 ETW，如 Data Access Tracing in SQL Server 2008 中所述.设置有效，生成了一个 ETL 文件，如果我使用，例如 tracerpt，我可以看到 ADO.Net 跟踪。 :

 System.Data,      TextA,            0,          0,          0,          0,         17,          0, 0x0000000000000000, 0x000007D0, 0x00003A64,                    1,             ,                     ,   {00000000-0000-0000-0000-000000000000},                                         ,   131485096603462277,        450,       2400,        2, "enter_01 <prov.DbConnectionHelper.CreateDbCommand|API> 1# "
 System.Data,      TextA,            0,          0,          0,          0,         17,          0, 0x0000000000000000, 0x000007D0, 0x00003A64,                    1,             ,                     ,   {00000000-0000-0000-0000-000000000000},                                         ,   131485096603469806,        450,       2400,        2, "<sc.SqlCommand.set_Connection|API> 1#, 1# "
 System.Data,      TextA,            0,          0,          0,          0,         17,          0, 0x0000000000000000, 0x000007D0, 0x00003A64,                    1,             ,                     ,   {00000000-0000-0000-0000-000000000000},                                         ,   131485096603469816,        450,       2400,        2, "leave_01 "
 System.Data,      TextA,            0,          0,          0,          0,         17,          0, 0x0000000000000000, 0x000007D0, 0x00003A64,                    1,             ,                     ,   {00000000-0000-0000-0000-000000000000},                                         ,   131485096603471294,        450,       2400,        2, "<sc.SqlCommand.set_CommandText|API> 1#, '"
 System.Data,      TextA,            0,          0,          0,          0,         17,          0, 0x0000000000000000, 0x000007D0, 0x00003A64,                    1,             ,                     ,   {00000000-0000-0000-0000-000000000000},                                         ,   131485096603474160,        450,       2400,        2, "select cast(serverproperty('EngineEdition') as int)"
 System.Data,      TextA,            0,          0,          0,          0,         17,          0, 0x0000000000000000, 0x000007D0, 0x00003A64,                    1,             ,                     ,   {00000000-0000-0000-0000-000000000000},                                         ,   131485096603474174,        450,       2400,        2, "' "
 System.Data,      TextA,            0,          0,          0,          0,         17,          0, 0x0000000000000000, 0x000007D0, 0x00003A64,                    1,             ,                     ,   {00000000-0000-0000-0000-000000000000},                                         ,   131485096603523068,        450,       2400,        2, "<sc.SqlCommand.ExecuteReader|INFO> 1#, Command executed as SQLBATCH. "

但是如果我将相同的 ETL 加载到 WPA我认为捕获的事件没有任何用处。来自该提供商的所有事件显示 Event Name <Unknown> , Event Type Classic并且没有关于实际 ADO.Net 事件信息的信息(即 tracerpt CSV 输出中最右边的列):

Line #, Provider Name, Task Name, Type (Opcode/Type ), Opcode Name, Id, Process, Annotation, Event Name, Event Type, Message, Cpu, ThreadId, Message, UserDataLength, Time (s)
1, 914abde3-171e-c600-3348-c514171de148, <Unknown>, 17, , 0, Unknown, <Not Annotated>, <Unknown>, Classic, , 3, 14056, , 0, 22.877068496
2, 914abde3-171e-c600-3348-c514171de148, <Unknown>, 17, , 0, Unknown, <Not Annotated>, <Unknown>, Classic, , 0, 14056, , 0, 22.877265256
3, 914abde3-171e-c600-3348-c514171de148, <Unknown>, 17, , 0, Unknown, <Not Annotated>, <Unknown>, Classic, , 0, 14056, , 0, 22.877275482
4, 914abde3-171e-c600-3348-c514171de148, <Unknown>, 17, , 0, Unknown, <Not Annotated>, <Unknown>, Classic, , 0, 14056, , 0, 22.877276892
5, 914abde3-171e-c600-3348-c514171de148, <Unknown>, 17, , 0, Unknown, <Not Annotated>, <Unknown>, Classic, , 0, 14056, , 0, 22.877299460
6, 914abde3-171e-c600-3348-c514171de148, <Unknown>, 17, , 0, Unknown, <Not Annotated>, <Unknown>, Classic, , 0, 14056, , 0, 22.877301223
7, 914abde3-171e-c600-3348-c514171de148, <Unknown>, 17, , 0, Unknown, <Not Annotated>, <Unknown>, Classic, , 1, 13276, , 0, 23.061972110
8, 914abde3-171e-c600-3348-c514171de148, <Unknown>, 17, , 0, Unknown, <Not Annotated>, <Unknown>, Classic, , 1, 13276, , 0, 23.061975636
9, 914abde3-171e-c600-3348-c514171de148, <Unknown>, 17, , 0, Unknown, <Not Annotated>, <Unknown>, Classic, , 1, 13276, , 0, 23.062004550
10, 914abde3-171e-c600-3348-c514171de148, <Unknown>, 17, , 0, Unknown, <Not Annotated>, <Unknown>, Classic, , 1, 13276, , 0, 23.063588859
11, 914abde3-171e-c600-3348-c514171de148, <Unknown>, 17, , 0, Unknown, <Not Annotated>, <Unknown>, Classic, , 1, 13276, , 0, 23.063617421

由于我捕获的所有其他数据都可以在 WPA 中进行分析，我想知道 ADO.Net diag 提供程序有什么不同，因为这些事件对 WPA 如此不透明？

Answer 1

Windows 性能分析器从注册表读取 list 数据以解码事件。如果 WPA 无法获取数据，它仅显示提供者的 GUID 和 <Unknown>用于任务名称和事件名称。那些Managed Object Format (MOF) files WPA(经典，遗留提供程序)不支持 ADO 跟踪，但它看起来像 tracerpt.exe确实支持它。

对于仅查找事件的 ETL 文件的原始分析，我建议 Perfview .

它有自己的解析器来获取解码事件:

<Event MSec= "26176,0393" PID="11304" PName="foo" TID="8336" EventName="AdoNetDiag/TextW"
  TimeStamp="09.02.17 16:47:39.338496" ID="Illegal" Version="0" Keywords="0x00000000" TimeStampQPC="1.241.241.278.025"
  Level="Always" ProviderName="Bid2Etw_ADONETDIAG_ETW" ProviderGuid="7acdcac8-8947-f88a-e51a-24018f5129ef" ClassicProvider="True"
  Opcode="18" TaskGuid="7acdcac9-8947-f88a-e51a-24018f5129ef" Channel="0" PointerSize="4"
  CPU="1" EventIndex="1328680" TemplateType="DynamicTraceEventData">
  <PrettyPrint>
    <Event MSec= "26176,0393" PID="11304" PName="foo" TID="8336" EventName="AdoNetDiag/TextW" ProviderName="Bid2Etw_ADONETDIAG_ETW" ModID="0" msgStr="01:CONNECTED [526D0000]C:\Windows\Microsoft.Net\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll  &quot;System.Data.SNI.1&quot; {C9996FA5-C06F-F20C-8A20-69B3BA392315}
    "/>
  </PrettyPrint>

所以使用 WPA 对事件的 CPU、磁盘、文件 io 和 Perfview 进行性能分析。