.Net and Service Fabric provider(s) issue

[MedAnd]

I am having issues using the managed wrapper to consume Service Fabric events from a simple .Net console program. The only provider which seems to be working is the Lease provider where ServiceFabricETWProviderGuids() is defined as per ServiceFabricETWProviderGuids

I would like to be able to consume the following List of Service Fabric events.

[MedAnd]

Also a question about the Technical Notes:

When you start an ETW trace, as the caller, you're generally responsible for donating a thread to the ETW subsystem for processing events. Each trace session you start requires a thread for processing. A single thread can process a huge number of events from multiple providers so it's not necessary to start multiple trace sessions unless you find that you're missing events.

For example, in the primary application we use krabsetw for, we consume 9 separate user ETW providers on a single trace session of krabsetw. This trace, on a busy machine, processes upwards of 1.5 trillion events per day.

Because you've donated a thread to processing your ETW trace session, your code needs to do as little as possible on the processing thread. When your event callback is invoked, you want to parse out the event and push processing of it to another thread as fast as you can. This ensures you don't drop events from ETW by not dequeuing new events quickly enough from the buffer.

Any .Net examples of "parse out the event and push processing of it to another thread"? I would like to parse various Service Fabric events as per above. Thanks!

[swannman]

We use the TPL Dataflow library for this:

• A Producer<T> block registers for the ETW callback and copies the relevant properties from the ETW event into a new POCO of type T
• A Consumer<T> block receives events of type T and applies business logic to them (filter, aggregate, transform, audit, alert, etc)
• The Dataflow library connects the Producer to the Consumer to form a pipeline

Here's a small Dataflow example that is unrelated to ETW but demonstrates the producer/consumer model: walkthrough.

Another approach could be to use the .NET Reactive extensions.

[MedAnd]

Big fan of the TPL and makes perfect sense... in .Net Core may also be a good fit for System.Threading.Channels.

Any chance you have or could add an example of managed "parse out the event"? From what I understand each provider uses a different ETW event schema, so I'm not sure how I can take the above "record" and turn in into a JSON document.

Looking at record in debug mode, it has very little info but assume this is because the record is really alive in native code... if that makes any sense?

[swannman]

The file at examples/ManagedExamples/UserTrace001.cs shows how to access a property on an ETW event.

To identify the properties that will be accessible for a given event, capture an example event with Message Analyzer and inspect it. Here's a walkthrough: link