private static void SetupContext() { _playback = new Playback(); _playback.AddEtlFiles(ConfigurationConstants.HttpServerTrace); _all = _playback.GetObservable<Parse>(); _result = new RequestResult<List<Parse>> { Data = new List<Parse>() }; }
internal static Playback GetCurrentEtlScope(IEnumerable<string> etlfiles, bool isRealtime) { try { if ((etlfiles == null || etlfiles.Count() == 0)) { return null; } Playback scope = new Playback(); foreach (var file in etlfiles) { if (isRealtime) { scope.AddRealTimeSession(file); } else { scope.AddEtlFiles(file); } } return scope; } catch (Exception) { throw new Exception("Please try loading the ETL files since the Playback cannot be created."); } }
static void Main(string[] args) { _listener.Prefixes.Add("http://" + Environment.MachineName + ":9000/"); _listener.Start(); Console.WriteLine("Listening ..."); while (true) { HttpListenerContext context = _listener.GetContext(); _request = context.Request; HttpListenerResponse response = context.Response; _sb = new StringBuilder("<HTML>\n<HEAD>\n<TITLE>"); _sb.Append("Trace 2 Html"); _sb.Append("</TITLE>\n</HEAD>\n<BODY>\n"); _sb.Append("<pre style=\"font-family:Consolas; font-size: 10pt; width: 5000px;\">"); _playback = new Playback(); _playback.AddEtlFiles(LocalTrace); _all = _playback.GetObservable<TracedEvent>(); if (_request.QueryString["process"] != null) { _processFilter = _request.QueryString["process"]; _all = _all.Where(e => e.Message.StartsWith(_processFilter)); } else { _processFilter = null; } if (_request.QueryString["after"] != null) { var after = int.Parse(_request.QueryString.Get("after")); AllHistory(after); } else if (_request.QueryString["afterReceive"] != null) { string messageId = _request.QueryString.Get("afterReceive"); AfterReceive(messageId); } else if (_request.QueryString["beforeSend"] != null) { string messageId = _request.QueryString.Get("beforeSend"); BeforeSend(messageId); } else { AllHistory(0); } _sb.Append("</BODY></HTML>"); byte[] buffer = Encoding.UTF8.GetBytes(_sb.ToString()); response.ContentLength64 = buffer.Length; response.OutputStream.Write(buffer, 0, buffer.Length); response.OutputStream.Close(); _playback.Dispose(); } }
private static void SetupContext() { _playback = new Playback(); _playback.AddEtlFiles(ConfigurationConstants.HttpServerTrace); _all = _playback.GetObservable <Parse>(); _result = new RequestResult <List <Parse> > { Data = new List <Parse>() }; }
public void PlayOne() { var p = new Playback(); p.AddEtlFiles(EtlFileName); int count = 0; p.GetObservable<Parse>().Subscribe(e => { count++; }); p.Run(); Assert.AreEqual(291, count); }
public IObservable <EtwNativeEvent> GetRawEventsForTimeWindow() { Playback scope = new Playback(); foreach (var item in this.files) { scope.AddEtlFiles(item); } return(EtwObservable.FromFiles(this.files.ToArray())); }
static void Main() { Playback playback = new Playback(); playback.AddEtlFiles(@"HTTP_Server.etl"); IObservable <Deliver> startEvents = playback.GetObservable <Deliver>(); IObservable <FastResp> endEvents = playback.GetObservable <FastResp>(); var requests = from start in startEvents from end in endEvents .Where(e => start.Header.ActivityId == e.Header.ActivityId) .Take(TimeSpan.FromSeconds(1), playback.Scheduler) // <-- Playback virtual time! .Take(1) select new { start.Url, end.StatusCode, Duration = end.Header.Timestamp - start.Header.Timestamp }; var statistics = from window in requests.Window(TimeSpan.FromSeconds(5), playback.Scheduler) from stats in ( // calculate statistics within one window from request in window group request by new { Milliseconds = Math.Ceiling(request.Duration.TotalMilliseconds * 10) / 10, request.Url } into g from Count in g.Count() select new { g.Key.Url, g.Key.Milliseconds, Count }) .ToList() select stats; IDisposable d = statistics.Subscribe(b => { Console.WriteLine("--------------------------"); foreach (var s in b.OrderBy(s => s.Milliseconds)) // <-- LINQ to Objects! { Console.WriteLine(s); } }); playback.Run(); Console.ReadLine(); d.Dispose(); }
public void PlayRoot() { var p = new Playback(); p.AddEtlFiles(EtlFileName); int count = 0; p.GetObservable<SystemEvent>().Subscribe(e => { count++; }); p.Run(); Assert.AreEqual(2041, count); }
static void Main() { Playback playback = new Playback(); playback.AddEtlFiles(@"HTTP_Server.etl"); IObservable<Deliver> startEvents = playback.GetObservable<Deliver>(); IObservable<FastResp> endEvents = playback.GetObservable<FastResp>(); var requests = from start in startEvents from end in endEvents .Where(e => start.Header.ActivityId == e.Header.ActivityId) .Take(TimeSpan.FromSeconds(1), playback.Scheduler) // <-- Playback virtual time! .Take(1) select new { start.Url, end.StatusCode, Duration = end.Header.Timestamp - start.Header.Timestamp }; var statistics = from window in requests.Window(TimeSpan.FromSeconds(5), playback.Scheduler) from stats in ( // calculate statistics within one window from request in window group request by new { Milliseconds = Math.Ceiling(request.Duration.TotalMilliseconds * 10) / 10, request.Url } into g from Count in g.Count() select new { g.Key.Url, g.Key.Milliseconds, Count }) .ToList() select stats; IDisposable d = statistics.Subscribe(b => { Console.WriteLine("--------------------------"); foreach (var s in b.OrderBy(s => s.Milliseconds)) // <-- LINQ to Objects! { Console.WriteLine(s); } }); playback.Run(); Console.ReadLine(); d.Dispose(); }
static void Main() { Playback playback = new Playback(); playback.AddEtlFiles(@"..\..\..\HTTP_Server.etl"); playback.AddLogFiles(@"..\..\..\HTTP_Server.evtx"); IObservable<SystemEvent> all = playback.GetObservable<SystemEvent>(); all.Count().Subscribe(Console.WriteLine); playback.Run(); }
public void PlayRoot() { var p = new Playback(); p.AddEtlFiles(EtlFileName); int count = 0; p.GetObservable <SystemEvent>().Subscribe(e => { count++; }); p.Run(); Assert.AreEqual(2041, count); }
static void VirtualTime() { // This sample illustrates the concept of Virtual Time, constructed as per timestamps of the events in the file Console.WriteLine("----- VirtualTime -----"); Playback playback = new Playback(); playback.AddEtlFiles(@"HTTP_Server.etl"); playback.GetObservable<Parse>().Subscribe(p => Console.WriteLine("{0} {1}", playback.Scheduler.Now.DateTime, p.Url)); playback.Run(); }
public void PlayOne() { var p = new Playback(); p.AddEtlFiles(EtlFileName); int count = 0; p.GetObservable <Parse>().Subscribe(e => { count++; }); p.Run(); Assert.AreEqual(291, count); }
static void Format2() { // This sample shows how to subscribe to format just two event types of events Console.WriteLine("----- Format2 -----"); Playback playback = new Playback(); playback.AddEtlFiles(@"HTTP_Server.etl"); playback.GetObservable <Parse>().Subscribe(Console.WriteLine); // Implicit ToString() playback.GetObservable <FastSend>().Subscribe(Console.WriteLine); // Implicit ToString() playback.Run(); }
public void HTTP_SinglePass() { var pb = new Playback(); pb.AddEtlFiles(EtlFileName); var begin = pb.GetObservable <Parse>(); var end = pb.GetObservable <FastSend>(); var requests = from b in begin from e in end.Where(e => e.Header.ActivityId == b.Header.ActivityId).Take(1) select new { b.Header.ActivityId, b.Url, e.HttpStatus, Duration = e.Header.Timestamp - b.Header.Timestamp }; var statistics = from r in requests group r by new { Milliseconds = Math.Ceiling(r.Duration.TotalMilliseconds * 10) / 10, Url = r.Url } into groups from c in groups.Count() select new { groups.Key.Url, groups.Key.Milliseconds, Count = c }; var slow = from r in requests where r.Duration.TotalMilliseconds > 0.5 select r; var slowList = new List <object>(); slow.Subscribe(s => slowList.Add(s)); var statisticsList = new List <object>(); statistics.Subscribe(s => statisticsList.Add(s)); pb.Run(); Assert.AreEqual(7, statisticsList.Count()); Assert.AreEqual(2, slowList.Count()); }
public void PlayRootAndKnownType() { var p = new Playback(); p.AddEtlFiles(EtlFileName); int count = 0; p.GetObservable<SystemEvent>().Subscribe(e => { count++; }); int parseCount = 0; p.GetObservable<Deliver>().Subscribe(e => { parseCount++; }); p.Run(); Assert.AreEqual(2041, count); Assert.AreEqual(291, parseCount); }
static void VirtualTime() { // This sample illustrates the concept of Virtual Time, constructed as per timestamps of the events in the file Console.WriteLine("----- VirtualTime -----"); Playback playback = new Playback(); playback.AddEtlFiles(@"HTTP_Server.etl"); playback.GetObservable <Parse>().Subscribe(p => Console.WriteLine("{0} {1}", playback.Scheduler.Now.DateTime, p.Url)); playback.Run(); }
public void PlayTwo() { var p = new Playback(); p.AddEtlFiles(EtlFileName); int parseCount = 0; int fastSendCount = 0; p.GetObservable<Deliver>().Subscribe(e => { parseCount++; }); p.GetObservable<FastResp>().Subscribe(e => { fastSendCount++; }); p.Run(); Assert.AreEqual(291, parseCount); Assert.AreEqual(289, fastSendCount); }
public void PlayTwoBothEtlAndEvtx() { var p = new Playback(); p.AddEtlFiles(EtlFileName); p.AddLogFiles(EvtxFileName); int parseCount = 0; int fastSendCount = 0; p.GetObservable<Deliver>().Subscribe(e => { parseCount++; }); p.GetObservable<FastResp>().Subscribe(e => { fastSendCount++; }); p.Run(); Assert.AreEqual(581, parseCount); // there seems to be one event that was lost in the etl->evt conversion... Assert.AreEqual(579, fastSendCount); // and one more event here... }
static void CountAll() { // Subscribing to SystemEvent means "all ETW events" Console.WriteLine("----- CountAll -----"); Playback playback = new Playback(); playback.AddEtlFiles(@"HTTP_Server.etl"); var all = playback.GetObservable <SystemEvent>(); all.Count().Subscribe(Console.WriteLine); playback.Run(); }
public void HTTP_Parse_Format() { string msg = ""; var pb = new Playback(); pb.AddEtlFiles(EtlFileName); var parsed = pb.GetObservable <Parse>().Take(1); parsed.Subscribe(p => msg = p.ToString()); pb.Run(); Assert.AreEqual(msg, "Parsed request (request pointer 18446738026454074672, method 4) with URI http://georgis2:80/windir.txt"); }
static void Main() { Playback playback = new Playback(); playback.AddEtlFiles(@"HTTP_Server.etl"); playback.AddLogFiles(@"HTTP_Server.evtx"); IObservable <SystemEvent> all = playback.GetObservable <SystemEvent>(); using (all.Count().Subscribe(Console.WriteLine)) { playback.Run(); Console.ReadLine(); } }
public void PlayTwo() { var p = new Playback(); p.AddEtlFiles(EtlFileName); int parseCount = 0; int fastSendCount = 0; p.GetObservable <Deliver>().Subscribe(e => { parseCount++; }); p.GetObservable <FastResp>().Subscribe(e => { fastSendCount++; }); p.Run(); Assert.AreEqual(291, parseCount); Assert.AreEqual(289, fastSendCount); }
static void CountAllTwoFiles() { // The file HTTP_Server.evtx is Windows Event Log, obtained by converting HTTP_Server.etl // It contains the same exact events, so let's count total # of events in the two files Console.WriteLine("----- CountAllTwoFiles -----"); Playback playback = new Playback(); playback.AddEtlFiles(@"HTTP_Server.etl"); playback.AddLogFiles(@"HTTP_Server.evtx"); var all = playback.GetObservable <SystemEvent>(); all.Count().Subscribe(Console.WriteLine); playback.Run(); }
static void Count2And12() { // This sample shows how to use SystemEvent to obtain the same result as in Count2 // by using SystemEvent instead of generated classes (2 is Parse, 12 is FastSend) Console.WriteLine("----- Count2And12 -----"); Playback playback = new Playback(); playback.AddEtlFiles(@"HTTP_Server.etl"); var filtered = playback.GetObservable <SystemEvent>() .Where(e => e.Header.EventId == 2 || e.Header.EventId == 12); filtered.Count().Subscribe(Console.WriteLine); playback.Run(); }
public void HTTP_FastSend() { var pb = new Playback(); pb.AddEtlFiles(EtlFileName); var parsed = from s in pb.GetObservable<FastSend>() select new { s.Header.ActivityId, s.HttpStatus }; int count = 0; parsed.Count().Subscribe(c => count = c); pb.Run(); Assert.AreEqual(289, count); }
public void PlayTwoBothEtlAndEvtx() { var p = new Playback(); p.AddEtlFiles(EtlFileName); p.AddLogFiles(EvtxFileName); int parseCount = 0; int fastSendCount = 0; p.GetObservable <Deliver>().Subscribe(e => { parseCount++; }); p.GetObservable <FastResp>().Subscribe(e => { fastSendCount++; }); p.Run(); Assert.AreEqual(582, parseCount); Assert.AreEqual(578, fastSendCount); }
public void HTTP_Parse() { var pb = new Playback(); pb.AddEtlFiles(EtlFileName); var parsed = from p in pb.GetObservable<Parse>() select new { p.Header.ActivityId, p.Url }; int count = 0; parsed.Count().Subscribe(c => count = c); pb.Run(); Assert.AreEqual(291, count); }
public void PlayRootAndKnownType() { var p = new Playback(); p.AddEtlFiles(EtlFileName); int count = 0; p.GetObservable <SystemEvent>().Subscribe(e => { count++; }); int parseCount = 0; p.GetObservable <Deliver>().Subscribe(e => { parseCount++; }); p.Run(); Assert.AreEqual(2041 + 291, count); Assert.AreEqual(291, parseCount); }
public void HTTP_Parse_Format() { string msg = null; using (var playback = new Playback()) { playback.AddEtlFiles(EtlFileName); var parsed = playback.GetObservable <Parse>().Take(1); using (parsed.Subscribe(p => msg = p.ToString())) { playback.Run(); } } Assert.AreEqual("Parsed request (request pointer 18446738026454074672, method 4) with URI http://georgis2:80/windir.txt", msg); }
public void ProcessStopTest() { var pb = new Playback(); pb.AddEtlFiles(EtlFileName); var stop = from p in pb.GetObservable<ProcessStop>() // this is V1 event select new { p.ProcessID, p.ImageName }; int count = 0; stop.Count().Subscribe(c => count = c); pb.Run(); Assert.AreEqual(4, count); }
static void GetObservable() { // This sample illustrates parsing single input file and transforming only the events that are of interest Console.WriteLine("----- GetObservable -----"); Playback playback = new Playback(); playback.AddEtlFiles(@"HTTP_Server.etl"); playback.GetObservable<Parse>().Subscribe(p => Console.WriteLine(p.Url)); playback.Run(); //Here: // - HTTP_Server.etl is trace from HTTP.sys (the bottom layer of IIS) // - The type Parse was generated from the ETW manifest description of the first event IIS traces for each request (EventId = 2) // - Subscribe just wires-up the processing of Parse events, and nothing shows on the console yet. // Reading the file happens within Run(). }
static void Main() { Playback playback = new Playback(); playback.AddEtlFiles(@"..\..\..\HTTP_Server.etl"); playback.AddLogFiles(@"..\..\..\HTTP_Server.evtx"); IObservable<SystemEvent> all = playback.GetObservable<SystemEvent>(); var counts = from window in all.Window(TimeSpan.FromSeconds(5), playback.Scheduler) from Count in window.Count() select Count; var withTime = counts.Timestamp(playback.Scheduler); withTime.Subscribe(ts => Console.WriteLine("{0} {1}", ts.Timestamp, ts.Value)); playback.Run(); }
static void FormatAll() { // This sample shows how to format all events, similar to existing tools like TraceVwr, TraceFmt, etc. // Formatting means ignoring types and displaying human-readable text in order of occurence Console.WriteLine("----- Formatting -----"); Playback playback = new Playback(); playback.AddEtlFiles(@"HTTP_Server.etl"); playback.KnownTypes = typeof(Parse).Assembly.GetTypes(); var all = playback.GetObservable <SystemEvent>() .Select(e => e.ToString()); all.Subscribe(Console.WriteLine); playback.Run(); }
static void Get2Observables() { // This sample shows how to subscribe to two types of events, and process the occurences (=instances) reading the file once Console.WriteLine("----- Get2Observables -----"); Playback playback = new Playback(); playback.AddEtlFiles(@"HTTP_Server.etl"); playback.GetObservable<Parse>().Subscribe(p => Console.WriteLine("begin {0} {1}", p.Header.ActivityId, p.Url)); playback.GetObservable<FastSend>().Subscribe(fs => Console.WriteLine("end {0} {1}", fs.Header.ActivityId, fs.HttpStatus)); playback.Run(); // Here we first wire-up the two processing pipelines, and then we call Run(). // Reading the file, Playback ignores all other events except Parse (EventId=2) and FastSend (EventId=12). // These are pushed into the corresponding IObservables in order of occurence. // // Typically we see Parse, followed by FastSend with the same ActivityId. }
internal static QueryExecutionContext CreateFromFiles(IList <string> etlfiles, Action <Type> onStart, Action <object> onNext) { Playback playback = new Playback(); foreach (var item in etlfiles) { playback.AddEtlFiles(item); } Func <Type, object, Action <object> > v = (t, o) => { onStart(t); return(onNext); }; QueryExecutionContext context = new QueryExecutionContext(playback, v); playback.KnownTypes = ManifestCompiler.GetKnowntypesforPlayback(); return(context); }
static void GetObservable() { // This sample illustrates parsing single input file and transforming only the events that are of interest Console.WriteLine("----- GetObservable -----"); Playback playback = new Playback(); playback.AddEtlFiles(@"HTTP_Server.etl"); playback.GetObservable <Parse>().Subscribe(p => Console.WriteLine(p.Url)); playback.Run(); //Here: // - HTTP_Server.etl is trace from HTTP.sys (the bottom layer of IIS) // - The type Parse was generated from the ETW manifest description of the first event IIS traces for each request (EventId = 2) // - Subscribe just wires-up the processing of Parse events, and nothing shows on the console yet. // Reading the file happens within Run(). }
public void ProcessStopTest() { var pb = new Playback(); pb.AddEtlFiles(EtlFileName); var stop = from p in pb.GetObservable <ProcessStop_V1>() select new { p.ProcessID, p.ImageName }; int count = 0; stop.Count().Subscribe(c => count = c); pb.Run(); Assert.AreEqual(4, count); }
static void Count5SecWindow() { // Counting all events, every 5 sec window in Virtual Time Console.WriteLine("----- Count5SecWindow -----"); Playback playback = new Playback(); playback.AddEtlFiles(@"HTTP_Server.etl"); var all = playback.GetObservable <SystemEvent>(); var countPerWindow = from window in all.Window(TimeSpan.FromSeconds(5), playback.Scheduler) from Count in window.Count() select Count; countPerWindow.Subscribe(Console.WriteLine); playback.Run(); }
public void HTTP_Enumerations() { var pb = new Playback(); pb.AddEtlFiles(EtlFileName); object type = null, group = null, format = null; var parsed = pb.GetObservable<LogFileWrite>().Take(1); parsed.Subscribe(p => { type = p.Type; group = p.Group; format = p.Format; }); pb.Run(); Assert.AreSame(type.GetType(), typeof(HTTP_TEMPLATE_LOGGING_LogType_ValueMap)); Assert.AreSame(group.GetType(), typeof(HTTP_TEMPLATE_LOGGING_LogGroup_ValueMap)); Assert.AreSame(format.GetType(), typeof(HTTP_TEMPLATE_LOGGING_LogFormat_ValueMap)); }
public void HTTP_Parse() { var pb = new Playback(); pb.AddEtlFiles(EtlFileName); var parsed = from p in pb.GetObservable <Parse>() select new { p.Header.ActivityId, p.Url }; int count = 0; parsed.Count().Subscribe(c => count = c); pb.Run(); Assert.AreEqual(291, count); }
public void HTTP_FastSend() { var pb = new Playback(); pb.AddEtlFiles(EtlFileName); var parsed = from s in pb.GetObservable <FastSend>() select new { s.Header.ActivityId, s.HttpStatus }; int count = 0; parsed.Count().Subscribe(c => count = c); pb.Run(); Assert.AreEqual(289, count); }
static void Main() { Playback playback = new Playback(); playback.AddEtlFiles(@"..\..\..\HTTP_Server.etl"); IObservable<Deliver> startEvents = playback.GetObservable<Deliver>(); IObservable<FastResp> endEvents = playback.GetObservable<FastResp>(); var requests = from start in startEvents from end in endEvents.Where(e => start.Header.ActivityId == e.Header.ActivityId).Take(1) select new { start.Url, end.StatusCode, Duration = end.Header.Timestamp - start.Header.Timestamp }; var statistics = (from request in requests group request by new { Milliseconds = Math.Ceiling(request.Duration.TotalMilliseconds * 10) / 10, request.Url } into g from Count in g.Count() select new { g.Key.Url, g.Key.Milliseconds, Count }) .ToList(); statistics.Subscribe(b => { Console.WriteLine("--------------------------"); foreach (var s in b.OrderBy(s=>s.Milliseconds)) // <-- LINQ to Objects! { Console.WriteLine(s); } }); playback.Run(); }
internal override IObservable <EventRecordProxy> GetObservableEvents() { Playback playback = new Playback(); if (this.IsRealtime) { playback.AddRealTimeSession(this.files.First()); } else { foreach (var item in this.files) { playback.AddEtlFiles(item); } } playback.KnownTypes = ManifestCompiler.GetKnowntypesforPlayback(); return(new EventRecordProxyObserver(playback, this)); }
static void CountAcrossHierarchies() { // The method GetAll works across event hierarchies - e.g. the PerfCounterSample events don't inherit from SystemEvent Console.WriteLine("----- CountAllThreeFiles -----"); Playback playback = new Playback(); playback.AddEtlFiles(@"HTTP_Server.etl"); playback.AddPerfCounterTraces(@"BasicPerfCounters.blg"); var types = new List <Type>(typeof(Parse).Assembly.GetTypes()); types.Add(typeof(PerformanceSample)); var all = playback.GetAll(types.ToArray()); all.Count().Subscribe(Console.WriteLine); playback.Run(); }
static void Get2Observables() { // This sample shows how to subscribe to two types of events, and process the occurences (=instances) reading the file once Console.WriteLine("----- Get2Observables -----"); Playback playback = new Playback(); playback.AddEtlFiles(@"HTTP_Server.etl"); playback.GetObservable <Parse>().Subscribe(p => Console.WriteLine("begin {0} {1}", p.Header.ActivityId, p.Url)); playback.GetObservable <FastSend>().Subscribe(fs => Console.WriteLine("end {0} {1}", fs.Header.ActivityId, fs.HttpStatus)); playback.Run(); // Here we first wire-up the two processing pipelines, and then we call Run(). // Reading the file, Playback ignores all other events except Parse (EventId=2) and FastSend (EventId=12). // These are pushed into the corresponding IObservables in order of occurence. // // Typically we see Parse, followed by FastSend with the same ActivityId. }
public void HTTP_Enumerations() { var pb = new Playback(); pb.AddEtlFiles(EtlFileName); object type = null, group = null, format = null; var parsed = pb.GetObservable <LogFileWrite>().Take(1); parsed.Subscribe(p => { type = p.Type; group = p.Group; format = p.Format; }); pb.Run(); Assert.AreSame(type.GetType(), typeof(HTTP_TEMPLATE_LOGGING_LogType_ValueMap)); Assert.AreSame(group.GetType(), typeof(HTTP_TEMPLATE_LOGGING_LogGroup_ValueMap)); Assert.AreSame(format.GetType(), typeof(HTTP_TEMPLATE_LOGGING_LogFormat_ValueMap)); }
static void Main() { Playback playback = new Playback(); playback.AddEtlFiles(@"HTTP_Server.etl"); playback.AddLogFiles(@"HTTP_Server.evtx"); IObservable <SystemEvent> all = playback.GetObservable <SystemEvent>(); var counts = from window in all.Window(TimeSpan.FromSeconds(5), playback.Scheduler) from Count in window.Count() select Count; var withTime = counts.Timestamp(playback.Scheduler); using (withTime.Subscribe(ts => Console.WriteLine("{0} {1}", ts.Timestamp, ts.Value))) { playback.Run(); Console.ReadLine(); } }
public void JoinStartStopTest() { var pb = new Playback(); pb.AddEtlFiles(EtlFileName); var start = pb.GetObservable<ProcessStart>(); // this is V0 event var end = pb.GetObservable<ProcessStop>(); // this is V1 event var processes = from s in start from e in end.Where(e=>e.ProcessID == s.ProcessID).Take(1) select new { s.ProcessID, s.ImageName, Duration = e.OccurenceTime - s.OccurenceTime }; int count = 0; processes.Count().Subscribe(c => count = c); pb.Run(); Assert.AreEqual(2, count); // looked at the raw data with TraceInsigt... }
static void Count2() { // This sample counts two kinds of events: Console.WriteLine("----- Count2 -----"); Playback playback = new Playback(); playback.AddEtlFiles(@"HTTP_Server.etl"); int cParse = 0; int cFastSend = 0; playback.GetObservable <Parse>().Subscribe(c => cParse++); playback.GetObservable <FastSend>().Subscribe(c => cFastSend++); playback.Run(); Console.WriteLine("Parse: {0}, FastSend: {1}, Total: {2}", cParse, cFastSend, cParse + cFastSend); // Some questionsare difficult to express as structured queries // Although possible in specific cases, the expressions are fragile (the user has to list all event types), }
public void HTTP_AggregateDuration() { var pb = new Playback(); pb.AddEtlFiles(EtlFileName); var begin = pb.GetObservable<Parse>(); var end = pb.GetObservable<FastSend>(); var requests = from b in begin from e in end.Where(e => e.Header.ActivityId == b.Header.ActivityId).Take(1) select new { b.Header.ActivityId, b.Url, e.HttpStatus, Duration = e.Header.Timestamp - b.Header.Timestamp }; var statistics = from r in requests group r by new { Milliseconds = Math.Ceiling(r.Duration.TotalMilliseconds * 10) / 10, Url = r.Url } into groups from c in groups.Count() select new { groups.Key.Url, groups.Key.Milliseconds, Count = c }; var list = new List<object>(); statistics.Subscribe(s => list.Add(s)); pb.Run(); Assert.AreEqual(7, list.Count()); }
static void Main() { StartSession(); Playback playback = new Playback(); playback.AddEtlFiles("tcp.etl"); playback.AddRealTimeSession("tcp"); var recv = from req in playback.GetObservable<KNetEvt_RecvIPV4>() select new { Time = req.OccurenceTime, Size = req.size, Address = new IPAddress(req.daddr) }; using (recv.Subscribe(e => Console.WriteLine("{0} : Received {1,5} bytes from {2}", e.Time, e.Size, e.Address))) { playback.Start(); Console.ReadLine(); } }
public void HTTP_WholeRequest() { var pb = new Playback(); pb.AddEtlFiles(EtlFileName); var begin = pb.GetObservable<Parse>(); var end = pb.GetObservable<FastSend>(); var requests = from b in begin from e in end.Where(e => e.Header.ActivityId == b.Header.ActivityId).Take(1) select new { b.Header.ActivityId, b.Url, e.HttpStatus, Duration = e.Header.Timestamp - b.Header.Timestamp }; int count = 0; requests.Subscribe(r=>count++); pb.Run(); Assert.AreEqual(289, count); }
public void EtlEventTypeStatistics() { var pb = new Playback(); pb.AddEtlFiles(EtlFileName); var statistics = from e in pb.GetObservable<SystemEvent>() group e by new { e.Header.ProviderId, e.Header.EventId, e.Header.Opcode, e.Header.Version } into g from c in g.Count() select new { g.Key.ProviderId, g.Key.EventId, g.Key.Version, Count = c, }; var list = new List<object>(); statistics.Subscribe(s => list.Add(s)); pb.Run(); Assert.AreEqual(12, list.Count()); }
public void ConcatenateRequest() { var pb = new Playback(); pb.AddEtlFiles(EtlFileName); var recvReq = from e in pb.GetObservable<RecvReq>() select new AspRequestInstance { RequestId = new Guid(0, 0, 0, BitConverter.GetBytes(e.RequestId)), RecvReq = e.Header.Timestamp }; var start = from e in pb.GetObservable<Start>() select new AspRequestInstance { RequestId = e.ContextId, Start = e.Header.Timestamp }; var startHandler = from e in pb.GetObservable<StartHandler>() select new AspRequestInstance { RequestId = e.ContextId, StartHandler = e.Header.Timestamp }; var httpHandlerEnter = from e in pb.GetObservable<HttpHandlerEnter>() select new AspRequestInstance { RequestId = e.ContextId, HttpHandlerEnter = e.Header.Timestamp }; var httpHandlerLeave = from e in pb.GetObservable<HttpHandlerLeave>() select new AspRequestInstance { RequestId = e.ContextId, HttpHanlerLeave = e.Header.Timestamp }; var endHandler = from e in pb.GetObservable<EndHandler>() select new AspRequestInstance { RequestId = e.ContextId, EndHandler = e.Header.Timestamp }; var end = from e in pb.GetObservable<End>() select new AspRequestInstance { RequestId = e.ContextId, End = e.Header.Timestamp }; var sameSchema = recvReq .Merge(start) .Merge(startHandler) .Merge(httpHandlerEnter) .Merge(httpHandlerLeave) .Merge(endHandler) .Merge(end); var requests = from r in sameSchema group r by r.RequestId into gs from i in gs.Scan((v, i) => v.Merge(i)).Where(v => v.IsCompleted).Take(1) select i; int counter = 0; requests.Subscribe(r=> { counter++; }); pb.Run(); Assert.AreEqual(9530, counter); }
private static void Main(string[] args) { if (args.Length < 2) { Console.WriteLine( @"Usage: TxFmt files... Supported files are .man : Manifest .etl : Event Trace Log .evtx : Event Log"); Environment.Exit(1); } try { var pb = new Playback(); string asmDir = Path.Combine(Path.GetTempPath(), "TxFmt"); if (Directory.Exists(asmDir)) Directory.Delete(asmDir, true); Directory.CreateDirectory(asmDir); foreach (string a in args) { string ext = Path.GetExtension(a).ToLower(); switch (ext) { case ".etl": pb.AddEtlFiles(a); break; case ".evtx": pb.AddLogFiles(a); break; case ".man": string manifest = File.ReadAllText(a); Dictionary<string, string> generated = ManifestParser.Parse(manifest); string assemblyPath = Path.Combine(asmDir, Path.ChangeExtension(Path.GetFileName(a), ".dll")); AssemblyBuilder.OutputAssembly(generated, new string[]{}, assemblyPath); break; default: throw new Exception("unknown extension " + ext); } } var knownTypes = new List<Type>(); foreach (string a in Directory.GetFiles(asmDir, "*.dll")) { Assembly assembly = Assembly.LoadFrom(a); knownTypes.AddRange(assembly.GetTypes()); } pb.KnownTypes = knownTypes.ToArray(); IObservable<SystemEvent> all = pb.GetObservable<SystemEvent>(); all.Subscribe(e=> { if (!e.ToString().StartsWith(" DocumentServiceId")) { Console.WriteLine("{0} {1}", e.Header.EventId, e.ToString()); }; }); pb.Run(); } catch (Exception ex) { ConsoleColor color = Console.ForegroundColor; Console.ForegroundColor = ConsoleColor.Red; Console.Error.WriteLine(ex.Message + "\n\n" + ex.StackTrace); Console.ForegroundColor = color; } }
internal static void Compile(string[] fileNames, string linqFile, TextWriter outputStream, TextWriter errorStream, Type[] knownTypes = null, DateTime? startTime = null, DateTime? endTime = null) { StringWriter errorLogger = new StringWriter(); string query = LinqpadHelpers.ExtractQuery(linqFile, errorLogger); Playback playback = new Playback(); foreach (string file in fileNames) { string extension = Path.GetExtension(file); if (string.Equals(".etl", extension, StringComparison.InvariantCultureIgnoreCase)) { playback.AddEtlFiles(file); } //else if (string.Equals(".csv", extension, StringComparison.InvariantCultureIgnoreCase)) //{ // playback.AddCsvFile(file); //} } Dictionary<string, object> playbackProperties = new Dictionary<string, object>(); if (startTime.HasValue) { playbackProperties.Add("StartTime", startTime.Value); } if (endTime.HasValue) { playbackProperties.Add("EndTime", endTime.Value); } playback.KnownTypes = knownTypes; CsvWriterSettings csvsettings = new CsvWriterSettings { Writer = outputStream }; Func<Type, object, Action<object>> onDumpStartCsv = (t, result) => { CsvHelper.PrintHeader(t, csvsettings); Action<object> onNext = (o) => { CsvHelper.Dump(o, csvsettings); }; return onNext; }; CompileAndRun(new QueryExecutionContext(playback, onDumpStartCsv), query, errorStream, errorStream, playbackProperties); }
internal static QueryExecutionContext CreateFromFiles(IList<string> etlfiles, Action<Type> onStart, Action<object> onNext) { Playback playback = new Playback(); foreach (var item in etlfiles) { playback.AddEtlFiles(item); } Func<Type, object, Action<object>> v = (t, o) => { onStart(t); return onNext; }; QueryExecutionContext context = new QueryExecutionContext(playback, v); playback.KnownTypes = ManifestCompiler.GetKnowntypesforPlayback(); return context; }
public void HTTP_Parse_Format() { string msg = ""; var pb = new Playback(); pb.AddEtlFiles(EtlFileName); var parsed = pb.GetObservable<Parse>().Take(1); parsed.Subscribe(p => msg = p.ToString()); pb.Run(); Assert.AreEqual(msg, "Parsed request (request pointer 18446738026454074672, method 4) with URI http://georgis2:80/windir.txt"); }
public void HTTP_SlowRequests() { var pb = new Playback(); pb.AddEtlFiles(EtlFileName); var begin = pb.GetObservable<Parse>(); var end = pb.GetObservable<FastSend>(); var requests = from b in begin from e in end.Where(e => e.Header.ActivityId == b.Header.ActivityId).Take(1) select new { b.Header.ActivityId, b.Url, e.HttpStatus, Duration = e.Header.Timestamp - b.Header.Timestamp }; var slow = from r in requests where r.Duration.TotalMilliseconds > 0.5 select r; var list = new List<object>(); slow.Subscribe(s => list.Add(s)); pb.Run(); Assert.AreEqual(2, list.Count()); }