Microsoft-Windows-Defrag

3 events across 1 channel

Event ID	Title	Channel
258	The storage optimizer successfully completed shrink on (C:)	Application
262	The storage optimizer skipped slab consolidation on OS (C:) because: Slab size …	Application
264		Application

Event ID 258 — The storage optimizer successfully completed shrink on (C:)

Provider: Microsoft-Windows-Defrag
Channel: Application

Fields #

Name	Description
`Data`	—
`Binary`	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-Defrag",
    "guid": "",
    "event_source_name": "",
    "event_id": 258,
    "version": 0,
    "level": 0,
    "task": 0,
    "opcode": 0,
    "keywords": 36028797018963968,
    "time_created": "2022-04-07T16:45:03.649359+00:00",
    "event_record_id": 5,
    "correlation": {},
    "execution": {
      "process_id": 0,
      "thread_id": 0
    },
    "channel": "Application",
    "computer": "WIN-FPV0DSIC9O6",
    "security": {
      "user_id": ""
    }
  },
  "event_data": {
    "Data": [
      "shrink",
      "(C:)"
    ],
    "Binary": "AAAAAC4CAAASAgAAAAAAACI2eWJTO7YXZ+MAAAAAAAAAAAAA"
  },
  "message": "The storage optimizer successfully completed shrink on (C:)"
}

References #

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 262 — The storage optimizer skipped slab consolidation on OS (C:) because: Slab size is too small.

Provider: Microsoft-Windows-Defrag
Channel: Application
Level: Informational

Fields #

Name	Description
`Data`	—
`Binary`	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-Defrag",
    "guid": "",
    "event_source_name": "",
    "event_id": 262,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 36028797018963968,
    "time_created": "2026-01-28T03:03:30.594963+00:00",
    "event_record_id": 260,
    "correlation": {},
    "execution": {
      "process_id": 5876,
      "thread_id": 0
    },
    "channel": "Application",
    "computer": "JD-commando",
    "security": {
      "user_id": ""
    }
  },
  "event_data": {
    "Data": [
      "slab consolidation",
      "OS (C:)",
      "Slab size is too small. (0x8900002D)"
    ],
    "Binary": "LQAAiX8EAAARAgAAFAIAACI2uULZsb04GwcAAAAAAAAAAAAA"
  },
  "message": "The storage optimizer skipped slab consolidation on OS (C:) because: Slab size is too small. (0x8900002D)"
}

References #

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 264 —

Provider: Microsoft-Windows-Defrag
Channel: Application
Level: Informational

Fields #

Name	Description
`Data_0`	—
`Data_1`	—
`Data_2`	—
`Binary`	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-Defrag",
    "guid": "",
    "event_source_name": "",
    "event_id": 264,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 36028797018963968,
    "time_created": "2023-11-06T01:13:25.597872+00:00",
    "event_record_id": 1984,
    "correlation": {},
    "execution": {
      "process_id": 12888,
      "thread_id": 0
    },
    "channel": "Application",
    "computer": "WinDev2310Eval",
    "security": {
      "user_id": ""
    }
  },
  "event_data": {
    "Data_0": "boot optimization",
    "Data_1": "Windows (C:)",
    "Data_2": "The user cancelled the operation. (0x89000006)",
    "Binary": "0600008926040000310300003403000022B630DF6479C7F6E26C1C000000000000000000"
  },
  "message": ""
}

References #

Example event sourced from https://github.com/NextronSystems/evtx-baseline