public static Dictionary <String, dynamic> ProcessEventRecord(EtwTrace etwtrace, IEventRecord r) { Dictionary <String, dynamic> rawEvent = new Dictionary <String, dynamic>(); foreach (EtwEvent etwevent in etwtrace.Events) { dynamic value; if (etwevent.Id == r.Id) { Boolean skip = false; foreach (EtwField etwfield in etwevent.Fields) { // Order of processing // Timestamps and literals // Property value extraction // Filtering // Enumerations // Transformations // Translations // Output // Check for timestamp and literal fields in the config if (etwfield.IsTimestamp) { value = DateTime.UtcNow.ToString("o"); } else if (etwfield.IsLiteral) { value = etwfield.LiteralValue; } // Check if the config field is not a field of the ETW event and instead is a property of it // This is useful for getting the Event's Id else if (!etwfield.IsField) { value = r.GetType().GetProperty(etwfield.Name).GetValue(r, null); value = Convert.ToString(value); } else { switch (etwfield.ExtractionMethod) { // Take the extraction method provided in the config and try to use it case FieldExtractionMethod.GetBinary: // I haven't actually had a reason to use GetBinary myself. // This should return a string of hexadecimal values // For example if binaryretvalue = byte[] { 0x00, 0x01, 0x02, 0x03, 0xaa, 0xab } // valuestr will be: 00 01 02 03 AA AB if (r.TryGetBinary(etwfield.Name, out byte[] binaryretvalue))