
microsoft / ETW2JSON

Licence: MIT License
Tool and library to convert ETW logs to JSON files

Programming language: C#


ETW2JSON

ETW2JSON is a tool that converts ETW Log Files (.ETL) to JSON using the Newtonsoft.Json library. It can be used as a stand-alone command line tool that will take as input locations of ETL files and an output path, or it can take your implementation of Newtonsoft.Json's JsonWriter class.

Library usage

ConvertToJson(JsonWriter jsonWriter, IEnumerable<string> inputFiles, Action<string> reportError)

Command-line usage

ETW2JSON C:\MyFile.etl C:\MyFile.Kernel.etl --output=C:\MyFile.json

NuGet package

This library is available on NuGet -- https://www.nuget.org/packages/ETW2JSON/1.3.10

Why JSON?

Converting ETW Log Files (.ETL) to JSON gives you access to a plethora of data that was previously restricted to expert ETW tools or libraries. The goal of this tool is to make ETW data more accessible to a larger developer and operations audience by converting it to a ubiquitous, human-readable format.

Motivational use-case + workflow for collecting data and using ETW2JSON

Background: You are a devops team running a cloud service on Windows that runs .NET code, and you log some of your data using .NET EventSource. Other parts of your code write JSON to disk directly. Furthermore you are also interested in seeing data from Windows and the .NET CLR interspersed with your own logging data.

Pick your ETW collection tool: Microsoft TraceEvent, or plain old logman from the Windows command line.

Now you have an ETL file, or a set of ETL files, and maybe this set of ETL files is continuous, considering you are a cloud service.

After your collection is done, you can use ETW2JSON to convert the ETL file to JSON as follows:

ETW2JSON myFile.etl --output=myFile.json

You can now view this data in a variety of JSON log viewers, merge it with your own non-ETW event sources, push the data to a cloud logmerge system (Kafka, ElasticSearch, etc.) or store it in your favorite JSON database.

Does it understand Kernel, .NET EventSource, XPERF, etc. events?

ETW2JSON is a library that understands Windows MOF Classes events, Windows Vista Manifest events and EventSource .NET events. It also understands events that XPERF (WPR) adds as part of its merging process (to give PDB information) for profiler tools like the Windows Performance Recorder.

Example output

This is the output of ETW2JSON for a single event record of type CLRTrace/CLR Method/MethodDCEndVerbose -- you can use your favorite JSON Viewer to view this data.

{
   "CLRTrace/CLR Method/MethodDCEndVerbose":[
      {
         "MethodIdentifier":140712944189680,
         "ModuleID":140712943752376,
         "MethodStartAddress":140712947662480,
         "MethodSize":174,
         "MethodToken":100669671,
         "MethodFlags":0,
         "MethodNameSpace":"System.Xml.Schema.SchemaCollectionCompiler",
         "Methodname":"CompileGroup",
         "MethodSig":"instance void  (class System.Xml.Schema.XmlSchemaGroup)"
      }
   ]
}
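
To push this output to a log system such as the Kafka or ElasticSearch pipelines mentioned in the workflow, each record usually has to become its own document. The Python below is an added example, not part of ETW2JSON: it flattens output of the shape shown above into one JSON line per record and reports malformed entries through a callback instead of stopping. The function names, the `report_error` callback, the second and third event types in the sample, and the hex encoding of integers above 2^53 are assumptions.

```python
import json

MAX_SAFE_INT = 2**53 - 1  # above this, double-based JSON consumers lose precision

# Constructed sample in the shape of the page's example output; the second and
# third event types and their fields are invented for illustration.
SAMPLE = """{
  "CLRTrace/CLR Method/MethodDCEndVerbose": [
    {"MethodIdentifier": 140712944189680, "MethodSize": 174,
     "MethodNameSpace": "System.Xml.Schema.SchemaCollectionCompiler",
     "Methodname": "CompileGroup"}
  ],
  "Example-Service/Request/Stop": [
    {"DurationMs": 950, "CorrelationId": 18446744073709551615},
    "not-an-object"
  ],
  "Broken/Event": {"unexpected": "shape"}
}"""


def _exact(value):
    """Emit oversized integers (64-bit IDs, addresses) as hex strings."""
    is_int = isinstance(value, int) and not isinstance(value, bool)
    return hex(value) if is_int and abs(value) > MAX_SAFE_INT else value


def flatten(text, report_error=print):
    """Return one JSON line per event record, tagged with its event name."""
    doc = json.loads(text)
    if not isinstance(doc, dict):
        raise ValueError("expected a top-level object keyed by event name")
    lines = []
    for event_name, records in doc.items():
        if not isinstance(records, list):
            report_error(f"{event_name}: expected an array of records")
            continue
        for index, record in enumerate(records):
            if not isinstance(record, dict):
                report_error(f"{event_name}[{index}]: record is not an object")
                continue
            line = {
                "event": event_name,
                # Assumption: the first '/'-separated segment is a usable routing key.
                "event_prefix": event_name.split("/", 1)[0],
                "data": {key: _exact(val) for key, val in record.items()},
            }
            lines.append(json.dumps(line, sort_keys=True))
    return lines
```

Calling `flatten(SAMPLE)` yields two lines for the constructed sample and reports the two malformed entries; record fields stay under `data` so they cannot overwrite the `event` tag.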

Microsoft Open Source Code of Conduct

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.
