Example #1
        public static Dictionary <String, dynamic> ProcessEventRecord(EtwTrace etwtrace, IEventRecord r)
        {
            Dictionary <String, dynamic> rawEvent = new Dictionary <String, dynamic>();

            foreach (EtwEvent etwevent in etwtrace.Events)
            {
                dynamic value;
                if (etwevent.Id == r.Id)
                {
                    Boolean skip = false;
                    foreach (EtwField etwfield in etwevent.Fields)
                    {
                        // Order of processing
                        // Timestamps and literals
                        // Property value extraction
                        // Filtering
                        // Enumerations
                        // Transformations
                        // Translations
                        // Output

                        // Check for timestamp and literal fields in the config
                        if (etwfield.IsTimestamp)
                        {
                            value = DateTime.UtcNow.ToString("o");
                        }
                        else if (etwfield.IsLiteral)
                        {
                            value = etwfield.LiteralValue;
                        }
                        // Check if the config field is not a field of the ETW event and instead is a property of it
                        // This is useful for getting the Event's Id
                        else if (!etwfield.IsField)
                        {
                            value = r.GetType().GetProperty(etwfield.Name).GetValue(r, null);
                            value = Convert.ToString(value);
                        }
                        else
                        {
                            switch (etwfield.ExtractionMethod)
                            {
                            // Take the extraction method provided in the config and try to use it
                            case FieldExtractionMethod.GetBinary:
                                // I haven't actually had a reason to use GetBinary myself.
                                // This should return a string of hexadecimal values
                                // For example if binaryretvalue = byte[] { 0x00, 0x01, 0x02, 0x03, 0xaa, 0xab }
                                // valuestr will be: 00 01 02 03 AA AB
                                if (r.TryGetBinary(etwfield.Name, out byte[] binaryretvalue))