Microsoft-Windows-Kernel-Cache
5 events across 1 channel
| Event ID | Title | Channel |
|---|---|---|
| 101 | Initialized VolumeCacheMap for device guid: VolumeDeviceGuid. | Operational |
| 102 | Global Periodic Cache Information. | Operational |
| 103 | Volume Periodic Cache Information. | Operational |
| 104 | Volume Periodic Cache Read Latency Information. | Operational |
| 105 | Volume Periodic Cache Write Latency Information. | Operational |
Event ID 101 — Initialized VolumeCacheMap for device guid: VolumeDeviceGuid.
Description
Initialized VolumeCacheMap for device guid: VolumeDeviceGuid.
Message
Fields
| Name | Description |
|---|---|
VolumeDeviceGuid GUID | Initialized VolumeCacheMap for device guid. |
Example Event
```json
{
  "system": {
    "provider": "Microsoft-Windows-Kernel-Cache",
    "guid": "A2D34BF1-70AB-5B21-C819-5A0DD42748FD",
    "event_source_name": "",
    "event_id": 101,
    "version": 0,
    "level": 4,
    "task": 101,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2023-11-06T06:25:20.815436+00:00",
    "event_record_id": 62,
    "correlation": {},
    "execution": {
      "process_id": 4,
      "thread_id": 96
    },
    "channel": "Microsoft-Windows-Kernel-Cache/Operational",
    "computer": "WinDev2310Eval",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "VolumeDeviceGuid": "F8B2740A-2324-44DB-BBF8-80523FE5334B"
  },
  "message": ""
}
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 102 — Global Periodic Cache Information.
Description
Global Periodic Cache Information.
Message
Fields
| Name | Description |
|---|---|
PeriodDurationMicroSec UInt64 | [Global Periodic Cache Information] Period Duration (microseconds). |
EventSamples UInt64 | [Global Periodic Cache Information] Event Samples. |
TotalNumberOfMappedVacbs UInt64 | [Global Periodic Cache Information] Total Number of Mapped VACBs. |
TotalPartitionSamples UInt64 | [Global Periodic Cache Information] Total Partition Samples. |
TotalVolumeSamples UInt64 | [Global Periodic Cache Information] Total Volume Samples. |
TotalPagesYetToWrite UInt64 | [Global Periodic Cache Information] Total Pages Yet to Write. |
TotalDirtyPages UInt64 | [Global Periodic Cache Information] Total Dirty Pages. |
TotalAvailablePages UInt64 | [Global Periodic Cache Information] Total Available Pages. |
TotalNumberWorkerThreads UInt64 | [Global Periodic Cache Information] Total Number of Worker Threads. |
TotalNumberActiveWorkerThreads UInt64 | [Global Periodic Cache Information] Total Number of Active Worker Threads. |
TotalAverageAvailablePages UInt64 | [Global Periodic Cache Information] Total Average Available Pages. |
TotalAverageDirtyPages UInt64 | [Global Periodic Cache Information] Total Average Dirty Pages. |
CcCopyReadCalls UInt64 | [Global Periodic Cache Information] CopyRead Calls. |
CcAsyncCopyReadCalls UInt64 | [Global Periodic Cache Information] AsyncCopyRead Calls. |
CcCopyWriteCalls UInt64 | [Global Periodic Cache Information] CopyWriteCalls. |
CcSetValidDataCalls UInt64 | [Global Periodic Cache Information] SetValidData Calls. |
CcFlushCacheCalls UInt64 | [Global Periodic Cache Information] FlushCache Calls. |
NumberOfNUMANodes UInt32 | [Global Periodic Cache Information] Number of NUMA Nodes. |
Example Event
```json
{
  "system": {
    "provider": "Microsoft-Windows-Kernel-Cache",
    "guid": "A2D34BF1-70AB-5B21-C819-5A0DD42748FD",
    "event_source_name": "",
    "event_id": 102,
    "version": 3,
    "level": 4,
    "task": 102,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2023-11-06T01:55:43.038583+00:00",
    "event_record_id": 98,
    "correlation": {},
    "execution": {
      "process_id": 4,
      "thread_id": 20724
    },
    "channel": "Microsoft-Windows-Kernel-Cache/Operational",
    "computer": "WinDev2310Eval",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "PeriodDurationMicroSec": 3644934575,
    "EventSamples": 29,
    "TotalNumberOfMappedVacbs": 138048,
    "TotalPartitionSamples": 29,
    "TotalVolumeSamples": 116,
    "TotalPagesYetToWrite": 19570,
    "TotalDirtyPages": 54912,
    "TotalAvailablePages": 17380487,
    "TotalNumberWorkerThreads": 464,
    "TotalNumberActiveWorkerThreads": 0,
    "TotalAverageAvailablePages": 134464943,
    "TotalAverageDirtyPages": 72254,
    "CcCopyReadCalls": 3616969,
    "CcAsyncCopyReadCalls": 3935,
    "CcCopyWriteCalls": 475546,
    "CcSetValidDataCalls": 44286,
    "CcFlushCacheCalls": 237825,
    "NumberOfNUMANodes": 1
  },
  "message": ""
}
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 103 — Volume Periodic Cache Information.
Description
Volume Periodic Cache Information.
Message
Fields
| Name | Description |
|---|---|
VolumeDeviceGuid GUID | [Volume Periodic Cache Information] Device GUID. |
PeriodDurationMicroSec UInt64 | [Volume Periodic Cache Information] Period Duration (microseconds). |
TotalDirtyPages UInt64 | [Volume Periodic Cache Information] Total Dirty Pages. |
MaxDirtyPages UInt64 | [Volume Periodic Cache Information] Maximum Dirty Pages. |
TotalDirtyPageThreshold UInt64 | [Volume Periodic Cache Information] Total Dirty Page Threshold. |
TopDirtyPageThreshold UInt64 | [Volume Periodic Cache Information] Top Dirty Page Threshold. |
BottomDirtyPageThreshold UInt64 | [Volume Periodic Cache Information] Bottom Dirty Page Threshold. |
DirtyPageSamples UInt64 | [Volume Periodic Cache Information] Dirty Page Samples. |
LazyWriterCalls UInt64 | [Volume Periodic Cache Information] Total Lazy Writer Calls. |
TotalLazyWriterLatency UInt64 | [Volume Periodic Cache Information] Total Lazy Writer Latency. |
TotalLazyWriterPagesFlushed UInt64 | [Volume Periodic Cache Information] Total Lazy Writer Pages Flushed. |
LazyWriterAvgPagesPerSecond UInt64 | [Volume Periodic Cache Information] Lazy Writer Average Pages Per Second. |
TotalPagesQueuedToDisk UInt64 | [Volume Periodic Cache Information] Total Pages Queued to Disk. |
MaxPagesQueuedToDisk UInt64 | [Volume Periodic Cache Information] Maximum Pages Queued to Disk. |
PagesQueuedToDiskSamples UInt64 | [Volume Periodic Cache Information] Pages Queued to Disk Samples. |
TotalLoggedPagesQueuedToDisk UInt64 | [Volume Periodic Cache Information] Total Metadata Pages Queued to Disk. |
MaxLoggedPagesQueuedToDisk UInt64 | [Volume Periodic Cache Information] Maximum Metadata Pages Queued to Disk. |
LoggedPagesQueuedToDiskSamples UInt64 | [Volume Periodic Cache Information] Metadata Pages Queued to Disk Samples. |
ReadTotalBytes UInt64 | [Volume Periodic Cache Information] Read Total Bytes. |
ReadPagedInTotalBytes UInt64 | [Volume Periodic Cache Information] Read Paged-In Total Bytes. |
ReadAheadTotalBytes UInt64 | [Volume Periodic Cache Information] Read-Ahead Total Bytes. |
CacheHitRatio UInt64 | [Volume Periodic Cache Information] ). |
TotalWrites UInt64 | [Volume Periodic Cache Information] Total Writes. |
TotalHardThrottleWrites UInt64 | [Volume Periodic Cache Information] Total Hard-Throttle Writes. |
TotalSoftThrottleWrites UInt64 | [Volume Periodic Cache Information] Total Soft-Throttle Writes. |
TotalSynchronousReadIoCount UInt64 | [Volume Periodic Cache Information] Total Synchronous Read IO Count. |
TotalSynchronousNonBlockingReadIoCount UInt64 | [Volume Periodic Cache Information] Total Synchronous Non-Blocking Read IO Count. |
TotalFailedSynchronousNonBlockingReadIoCount UInt64 | [Volume Periodic Cache Information] Total Failed Synchronous Non-Blocking Read IO Count. |
SynchronousReadIoMaxLatency UInt64 | [Volume Periodic Cache Information] Synchronous Read IO Maximum Latency (us). |
SynchronousReadIoNonBlockingMaxLatency UInt64 | [Volume Periodic Cache Information] Synchronous Read IO Non-Blocking Maximum Latency (us). |
TotalSynchronousWriteIoCount UInt64 | [Volume Periodic Cache Information] Total Synchronous Write IO Count. |
TotalSynchronousNonBlockingWriteIoCount UInt64 | [Volume Periodic Cache Information] Total Synchronous Non-Blocking Write IO Count. |
TotalFailedSynchronousNonBlockingWriteIoCount UInt64 | [Volume Periodic Cache Information] Total Failed Synchronous Non-Blocking Write IO Count. |
SynchronousWriteIoMaxLatency UInt64 | [Volume Periodic Cache Information] Synchronous Write IO Maximum Latency (us). |
SynchronousWriteIoNonBlockingMaxLatency UInt64 | [Volume Periodic Cache Information] Synchronous Write IO Non-Blocking Maximum Latency (us). |
TotalAsynchronousReadIoCount UInt64 | [Volume Periodic Cache Information] Total Asynchronous Read IO Count. |
AsynchronousReadIoMaxLatency UInt64 | [Volume Periodic Cache Information] Asynchronous Read IO Maximum Latency (us). |
Example Event
```json
{
  "system": {
    "provider": "Microsoft-Windows-Kernel-Cache",
    "guid": "A2D34BF1-70AB-5B21-C819-5A0DD42748FD",
    "event_source_name": "",
    "event_id": 103,
    "version": 2,
    "level": 4,
    "task": 103,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2023-11-06T01:55:43.038617+00:00",
    "event_record_id": 102,
    "correlation": {},
    "execution": {
      "process_id": 4,
      "thread_id": 20724
    },
    "channel": "Microsoft-Windows-Kernel-Cache/Operational",
    "computer": "WinDev2310Eval",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "VolumeDeviceGuid": "00000000-0000-0000-0000-000000000000",
    "PeriodDurationMicroSec": 3644934575,
    "TotalDirtyPages": 0,
    "MaxDirtyPages": 0,
    "TotalDirtyPageThreshold": 0,
    "TopDirtyPageThreshold": 0,
    "BottomDirtyPageThreshold": 0,
    "DirtyPageSamples": 0,
    "LazyWriterCalls": 0,
    "TotalLazyWriterLatency": 0,
    "TotalLazyWriterPagesFlushed": 0,
    "LazyWriterAvgPagesPerSecond": 0,
    "TotalPagesQueuedToDisk": 0,
    "MaxPagesQueuedToDisk": 0,
    "PagesQueuedToDiskSamples": 0,
    "TotalLoggedPagesQueuedToDisk": 0,
    "MaxLoggedPagesQueuedToDisk": 0,
    "LoggedPagesQueuedToDiskSamples": 0,
    "ReadTotalBytes": 2097152,
    "ReadPagedInTotalBytes": 1048576,
    "ReadAheadTotalBytes": 0,
    "CacheHitRatio": 50,
    "TotalWrites": 0,
    "TotalHardThrottleWrites": 0,
    "TotalSoftThrottleWrites": 0,
    "TotalSynchronousReadIoCount": 8,
    "TotalSynchronousNonBlockingReadIoCount": 0,
    "TotalFailedSynchronousNonBlockingReadIoCount": 0,
    "SynchronousReadIoMaxLatency": 1581,
    "SynchronousReadIoNonBlockingMaxLatency": 0,
    "TotalSynchronousWriteIoCount": 0,
    "TotalSynchronousNonBlockingWriteIoCount": 0,
    "TotalFailedSynchronousNonBlockingWriteIoCount": 0,
    "SynchronousWriteIoMaxLatency": 0,
    "SynchronousWriteIoNonBlockingMaxLatency": 0,
    "TotalAsynchronousReadIoCount": 0,
    "AsynchronousReadIoMaxLatency": 0
  },
  "message": ""
}
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 104 — Volume Periodic Cache Read Latency Information.
Description
Volume Periodic Cache Read Latency Information.
Message
Fields
| Name | Description |
|---|---|
VolumeDeviceGuid GUID | [Volume Periodic Cache Read Latency Information] Device GUID. |
PeriodDurationMicroSec UInt64 | [Volume Periodic Cache Read Latency Information] Period Duration (microseconds). |
SynchronousReadIoCountsBucket1 UInt64 | — |
SynchronousReadIoCountsBucket2 UInt64 | — |
SynchronousReadIoCountsBucket3 UInt64 | — |
SynchronousReadIoCountsBucket4 UInt64 | — |
SynchronousReadIoCountsBucket5 UInt64 | — |
SynchronousReadIoCountsBucket6 UInt64 | — |
SynchronousReadIoCountsBucket7 UInt64 | — |
SynchronousReadIoCountsBucket8 UInt64 | — |
SynchronousReadIoCountsBucket9 UInt64 | — |
SynchronousReadIoCountsBucket10 UInt64 | — |
SynchronousReadIoCountsBucket11 UInt64 | — |
SynchronousReadIoCountsBucket12 UInt64 | — |
SynchronousReadTotalLatencyBucket1 UInt64 | — |
SynchronousReadTotalLatencyBucket2 UInt64 | — |
SynchronousReadTotalLatencyBucket3 UInt64 | — |
SynchronousReadTotalLatencyBucket4 UInt64 | — |
SynchronousReadTotalLatencyBucket5 UInt64 | — |
SynchronousReadTotalLatencyBucket6 UInt64 | — |
SynchronousReadTotalLatencyBucket7 UInt64 | — |
SynchronousReadTotalLatencyBucket8 UInt64 | — |
SynchronousReadTotalLatencyBucket9 UInt64 | — |
SynchronousReadTotalLatencyBucket10 UInt64 | — |
SynchronousReadTotalLatencyBucket11 UInt64 | — |
SynchronousReadTotalLatencyBucket12 UInt64 | — |
SynchronousReadNonBlockingIoCountsBucket1 UInt64 | — |
SynchronousReadNonBlockingIoCountsBucket2 UInt64 | — |
SynchronousReadNonBlockingIoCountsBucket3 UInt64 | — |
SynchronousReadNonBlockingIoCountsBucket4 UInt64 | — |
SynchronousReadNonBlockingIoCountsBucket5 UInt64 | — |
SynchronousReadNonBlockingIoCountsBucket6 UInt64 | — |
SynchronousReadNonBlockingIoCountsBucket7 UInt64 | — |
SynchronousReadNonBlockingIoCountsBucket8 UInt64 | — |
SynchronousReadNonBlockingIoCountsBucket9 UInt64 | — |
SynchronousReadNonBlockingIoCountsBucket10 UInt64 | — |
SynchronousReadNonBlockingIoCountsBucket11 UInt64 | — |
SynchronousReadNonBlockingIoCountsBucket12 UInt64 | — |
SynchronousReadNonBlockingTotalLatencyBucket1 UInt64 | — |
SynchronousReadNonBlockingTotalLatencyBucket2 UInt64 | — |
SynchronousReadNonBlockingTotalLatencyBucket3 UInt64 | — |
SynchronousReadNonBlockingTotalLatencyBucket4 UInt64 | — |
SynchronousReadNonBlockingTotalLatencyBucket5 UInt64 | — |
SynchronousReadNonBlockingTotalLatencyBucket6 UInt64 | — |
SynchronousReadNonBlockingTotalLatencyBucket7 UInt64 | — |
SynchronousReadNonBlockingTotalLatencyBucket8 UInt64 | — |
SynchronousReadNonBlockingTotalLatencyBucket9 UInt64 | — |
SynchronousReadNonBlockingTotalLatencyBucket10 UInt64 | — |
SynchronousReadNonBlockingTotalLatencyBucket11 UInt64 | — |
SynchronousReadNonBlockingTotalLatencyBucket12 UInt64 | — |
AsynchronousReadIoCountsBucket1 UInt64 | — |
AsynchronousReadIoCountsBucket2 UInt64 | — |
AsynchronousReadIoCountsBucket3 UInt64 | — |
AsynchronousReadIoCountsBucket4 UInt64 | — |
AsynchronousReadIoCountsBucket5 UInt64 | — |
AsynchronousReadIoCountsBucket6 UInt64 | — |
AsynchronousReadIoCountsBucket7 UInt64 | — |
AsynchronousReadIoCountsBucket8 UInt64 | — |
AsynchronousReadIoCountsBucket9 UInt64 | — |
AsynchronousReadIoCountsBucket10 UInt64 | — |
AsynchronousReadIoCountsBucket11 UInt64 | — |
AsynchronousReadIoCountsBucket12 UInt64 | — |
AsynchronousReadTotalLatencyBucket1 UInt64 | — |
AsynchronousReadTotalLatencyBucket2 UInt64 | — |
AsynchronousReadTotalLatencyBucket3 UInt64 | — |
AsynchronousReadTotalLatencyBucket4 UInt64 | — |
AsynchronousReadTotalLatencyBucket5 UInt64 | — |
AsynchronousReadTotalLatencyBucket6 UInt64 | — |
AsynchronousReadTotalLatencyBucket7 UInt64 | — |
AsynchronousReadTotalLatencyBucket8 UInt64 | — |
AsynchronousReadTotalLatencyBucket9 UInt64 | — |
AsynchronousReadTotalLatencyBucket10 UInt64 | — |
AsynchronousReadTotalLatencyBucket11 UInt64 | — |
AsynchronousReadTotalLatencyBucket12 UInt64 | — |
Example Event
```json
{
  "system": {
    "provider": "Microsoft-Windows-Kernel-Cache",
    "guid": "A2D34BF1-70AB-5B21-C819-5A0DD42748FD",
    "event_source_name": "",
    "event_id": 104,
    "version": 1,
    "level": 4,
    "task": 104,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2023-11-06T01:55:43.038618+00:00",
    "event_record_id": 103,
    "correlation": {},
    "execution": {
      "process_id": 4,
      "thread_id": 20724
    },
    "channel": "Microsoft-Windows-Kernel-Cache/Operational",
    "computer": "WinDev2310Eval",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "VolumeDeviceGuid": "00000000-0000-0000-0000-000000000000",
    "PeriodDurationMicroSec": 3644934575,
    "SynchronousReadIoCountsBucket1": 5,
    "SynchronousReadIoCountsBucket2": 2,
    "SynchronousReadIoCountsBucket3": 1,
    "SynchronousReadIoCountsBucket4": 0,
    "SynchronousReadIoCountsBucket5": 0,
    "SynchronousReadIoCountsBucket6": 0,
    "SynchronousReadIoCountsBucket7": 0,
    "SynchronousReadIoCountsBucket8": 0,
    "SynchronousReadIoCountsBucket9": 0,
    "SynchronousReadIoCountsBucket10": 0,
    "SynchronousReadIoCountsBucket11": 0,
    "SynchronousReadIoCountsBucket12": 0,
    "SynchronousReadTotalLatencyBucket1": 249,
    "SynchronousReadTotalLatencyBucket2": 1186,
    "SynchronousReadTotalLatencyBucket3": 1581,
    "SynchronousReadTotalLatencyBucket4": 0,
    "SynchronousReadTotalLatencyBucket5": 0,
    "SynchronousReadTotalLatencyBucket6": 0,
    "SynchronousReadTotalLatencyBucket7": 0,
    "SynchronousReadTotalLatencyBucket8": 0,
    "SynchronousReadTotalLatencyBucket9": 0,
    "SynchronousReadTotalLatencyBucket10": 0,
    "SynchronousReadTotalLatencyBucket11": 0,
    "SynchronousReadTotalLatencyBucket12": 0,
    "SynchronousReadNonBlockingIoCountsBucket1": 0,
    "SynchronousReadNonBlockingIoCountsBucket2": 0,
    "SynchronousReadNonBlockingIoCountsBucket3": 0,
    "SynchronousReadNonBlockingIoCountsBucket4": 0,
    "SynchronousReadNonBlockingIoCountsBucket5": 0,
    "SynchronousReadNonBlockingIoCountsBucket6": 0,
    "SynchronousReadNonBlockingIoCountsBucket7": 0,
    "SynchronousReadNonBlockingIoCountsBucket8": 0,
    "SynchronousReadNonBlockingIoCountsBucket9": 0,
    "SynchronousReadNonBlockingIoCountsBucket10": 0,
    "SynchronousReadNonBlockingIoCountsBucket11": 0,
    "SynchronousReadNonBlockingIoCountsBucket12": 0,
    "SynchronousReadNonBlockingTotalLatencyBucket1": 0,
    "SynchronousReadNonBlockingTotalLatencyBucket2": 0,
    "SynchronousReadNonBlockingTotalLatencyBucket3": 0,
    "SynchronousReadNonBlockingTotalLatencyBucket4": 0,
    "SynchronousReadNonBlockingTotalLatencyBucket5": 0,
    "SynchronousReadNonBlockingTotalLatencyBucket6": 0,
    "SynchronousReadNonBlockingTotalLatencyBucket7": 0,
    "SynchronousReadNonBlockingTotalLatencyBucket8": 0,
    "SynchronousReadNonBlockingTotalLatencyBucket9": 0,
    "SynchronousReadNonBlockingTotalLatencyBucket10": 0,
    "SynchronousReadNonBlockingTotalLatencyBucket11": 0,
    "SynchronousReadNonBlockingTotalLatencyBucket12": 0,
    "AsynchronousReadIoCountsBucket1": 0,
    "AsynchronousReadIoCountsBucket2": 0,
    "AsynchronousReadIoCountsBucket3": 0,
    "AsynchronousReadIoCountsBucket4": 0,
    "AsynchronousReadIoCountsBucket5": 0,
    "AsynchronousReadIoCountsBucket6": 0,
    "AsynchronousReadIoCountsBucket7": 0,
    "AsynchronousReadIoCountsBucket8": 0,
    "AsynchronousReadIoCountsBucket9": 0,
    "AsynchronousReadIoCountsBucket10": 0,
    "AsynchronousReadIoCountsBucket11": 0,
    "AsynchronousReadIoCountsBucket12": 0,
    "AsynchronousReadTotalLatencyBucket1": 0,
    "AsynchronousReadTotalLatencyBucket2": 0,
    "AsynchronousReadTotalLatencyBucket3": 0,
    "AsynchronousReadTotalLatencyBucket4": 0,
    "AsynchronousReadTotalLatencyBucket5": 0,
    "AsynchronousReadTotalLatencyBucket6": 0,
    "AsynchronousReadTotalLatencyBucket7": 0,
    "AsynchronousReadTotalLatencyBucket8": 0,
    "AsynchronousReadTotalLatencyBucket9": 0,
    "AsynchronousReadTotalLatencyBucket10": 0,
    "AsynchronousReadTotalLatencyBucket11": 0,
    "AsynchronousReadTotalLatencyBucket12": 0
  },
  "message": ""
}
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 105 — Volume Periodic Cache Write Latency Information.
Description
Volume Periodic Cache Write Latency Information.
Message
Fields
| Name | Description |
|---|---|
VolumeDeviceGuid GUID | [Volume Periodic Cache Write Latency Information] Device GUID. |
PeriodDurationMicroSec UInt64 | [Volume Periodic Cache Write Latency Information] Period Duration (microseconds). |
SynchronousWriteIoCountsBucket1 UInt64 | — |
SynchronousWriteIoCountsBucket2 UInt64 | — |
SynchronousWriteIoCountsBucket3 UInt64 | — |
SynchronousWriteIoCountsBucket4 UInt64 | — |
SynchronousWriteIoCountsBucket5 UInt64 | — |
SynchronousWriteIoCountsBucket6 UInt64 | — |
SynchronousWriteIoCountsBucket7 UInt64 | — |
SynchronousWriteIoCountsBucket8 UInt64 | — |
SynchronousWriteIoCountsBucket9 UInt64 | — |
SynchronousWriteIoCountsBucket10 UInt64 | — |
SynchronousWriteIoCountsBucket11 UInt64 | — |
SynchronousWriteIoCountsBucket12 UInt64 | — |
SynchronousWriteTotalLatencyBucket1 UInt64 | — |
SynchronousWriteTotalLatencyBucket2 UInt64 | — |
SynchronousWriteTotalLatencyBucket3 UInt64 | — |
SynchronousWriteTotalLatencyBucket4 UInt64 | — |
SynchronousWriteTotalLatencyBucket5 UInt64 | — |
SynchronousWriteTotalLatencyBucket6 UInt64 | — |
SynchronousWriteTotalLatencyBucket7 UInt64 | — |
SynchronousWriteTotalLatencyBucket8 UInt64 | — |
SynchronousWriteTotalLatencyBucket9 UInt64 | — |
SynchronousWriteTotalLatencyBucket10 UInt64 | — |
SynchronousWriteTotalLatencyBucket11 UInt64 | — |
SynchronousWriteTotalLatencyBucket12 UInt64 | — |
SynchronousWriteNonBlockingIoCountsBucket1 UInt64 | — |
SynchronousWriteNonBlockingIoCountsBucket2 UInt64 | — |
SynchronousWriteNonBlockingIoCountsBucket3 UInt64 | — |
SynchronousWriteNonBlockingIoCountsBucket4 UInt64 | — |
SynchronousWriteNonBlockingIoCountsBucket5 UInt64 | — |
SynchronousWriteNonBlockingIoCountsBucket6 UInt64 | — |
SynchronousWriteNonBlockingIoCountsBucket7 UInt64 | — |
SynchronousWriteNonBlockingIoCountsBucket8 UInt64 | — |
SynchronousWriteNonBlockingIoCountsBucket9 UInt64 | — |
SynchronousWriteNonBlockingIoCountsBucket10 UInt64 | — |
SynchronousWriteNonBlockingIoCountsBucket11 UInt64 | — |
SynchronousWriteNonBlockingIoCountsBucket12 UInt64 | — |
SynchronousWriteNonBlockingTotalLatencyBucket1 UInt64 | — |
SynchronousWriteNonBlockingTotalLatencyBucket2 UInt64 | — |
SynchronousWriteNonBlockingTotalLatencyBucket3 UInt64 | — |
SynchronousWriteNonBlockingTotalLatencyBucket4 UInt64 | — |
SynchronousWriteNonBlockingTotalLatencyBucket5 UInt64 | — |
SynchronousWriteNonBlockingTotalLatencyBucket6 UInt64 | — |
SynchronousWriteNonBlockingTotalLatencyBucket7 UInt64 | — |
SynchronousWriteNonBlockingTotalLatencyBucket8 UInt64 | — |
SynchronousWriteNonBlockingTotalLatencyBucket9 UInt64 | — |
SynchronousWriteNonBlockingTotalLatencyBucket10 UInt64 | — |
SynchronousWriteNonBlockingTotalLatencyBucket11 UInt64 | — |
SynchronousWriteNonBlockingTotalLatencyBucket12 UInt64 | — |
Example Event
```json
{
  "system": {
    "provider": "Microsoft-Windows-Kernel-Cache",
    "guid": "A2D34BF1-70AB-5B21-C819-5A0DD42748FD",
    "event_source_name": "",
    "event_id": 105,
    "version": 1,
    "level": 4,
    "task": 105,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2023-11-06T01:55:43.038619+00:00",
    "event_record_id": 104,
    "correlation": {},
    "execution": {
      "process_id": 4,
      "thread_id": 20724
    },
    "channel": "Microsoft-Windows-Kernel-Cache/Operational",
    "computer": "WinDev2310Eval",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "VolumeDeviceGuid": "00000000-0000-0000-0000-000000000000",
    "PeriodDurationMicroSec": 3644934575,
    "SynchronousWriteIoCountsBucket1": 0,
    "SynchronousWriteIoCountsBucket2": 0,
    "SynchronousWriteIoCountsBucket3": 0,
    "SynchronousWriteIoCountsBucket4": 0,
    "SynchronousWriteIoCountsBucket5": 0,
    "SynchronousWriteIoCountsBucket6": 0,
    "SynchronousWriteIoCountsBucket7": 0,
    "SynchronousWriteIoCountsBucket8": 0,
    "SynchronousWriteIoCountsBucket9": 0,
    "SynchronousWriteIoCountsBucket10": 0,
    "SynchronousWriteIoCountsBucket11": 0,
    "SynchronousWriteIoCountsBucket12": 0,
    "SynchronousWriteTotalLatencyBucket1": 0,
    "SynchronousWriteTotalLatencyBucket2": 0,
    "SynchronousWriteTotalLatencyBucket3": 0,
    "SynchronousWriteTotalLatencyBucket4": 0,
    "SynchronousWriteTotalLatencyBucket5": 0,
    "SynchronousWriteTotalLatencyBucket6": 0,
    "SynchronousWriteTotalLatencyBucket7": 0,
    "SynchronousWriteTotalLatencyBucket8": 0,
    "SynchronousWriteTotalLatencyBucket9": 0,
    "SynchronousWriteTotalLatencyBucket10": 0,
    "SynchronousWriteTotalLatencyBucket11": 0,
    "SynchronousWriteTotalLatencyBucket12": 0,
    "SynchronousWriteNonBlockingIoCountsBucket1": 0,
    "SynchronousWriteNonBlockingIoCountsBucket2": 0,
    "SynchronousWriteNonBlockingIoCountsBucket3": 0,
    "SynchronousWriteNonBlockingIoCountsBucket4": 0,
    "SynchronousWriteNonBlockingIoCountsBucket5": 0,
    "SynchronousWriteNonBlockingIoCountsBucket6": 0,
    "SynchronousWriteNonBlockingIoCountsBucket7": 0,
    "SynchronousWriteNonBlockingIoCountsBucket8": 0,
    "SynchronousWriteNonBlockingIoCountsBucket9": 0,
    "SynchronousWriteNonBlockingIoCountsBucket10": 0,
    "SynchronousWriteNonBlockingIoCountsBucket11": 0,
    "SynchronousWriteNonBlockingIoCountsBucket12": 0,
    "SynchronousWriteNonBlockingTotalLatencyBucket1": 0,
    "SynchronousWriteNonBlockingTotalLatencyBucket2": 0,
    "SynchronousWriteNonBlockingTotalLatencyBucket3": 0,
    "SynchronousWriteNonBlockingTotalLatencyBucket4": 0,
    "SynchronousWriteNonBlockingTotalLatencyBucket5": 0,
    "SynchronousWriteNonBlockingTotalLatencyBucket6": 0,
    "SynchronousWriteNonBlockingTotalLatencyBucket7": 0,
    "SynchronousWriteNonBlockingTotalLatencyBucket8": 0,
    "SynchronousWriteNonBlockingTotalLatencyBucket9": 0,
    "SynchronousWriteNonBlockingTotalLatencyBucket10": 0,
    "SynchronousWriteNonBlockingTotalLatencyBucket11": 0,
    "SynchronousWriteNonBlockingTotalLatencyBucket12": 0
  },
  "message": ""
}
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline