Event ID 103 — Volume Periodic Cache Information.

Provider: Microsoft-Windows-Kernel-Cache
Channel: Operational
Level: Informational
Task: CacheVolumePeriodic

Description

Volume Periodic Cache Information.

Message #

Volume Periodic Cache Information:

                       Device GUID: %1
                       Period Duration (microseconds): %2
                       Total Dirty Pages: %3
                       Maximum Dirty Pages: %4
                       Total Dirty Page Threshold: %5
                       Top Dirty Page Threshold: %6
                       Bottom Dirty Page Threshold: %7
                       Dirty Page Samples: %8
                       Total Lazy Writer Calls: %9
                       Total Lazy Writer Latency: %10
                       Total Lazy Writer Pages Flushed: %11
                       Lazy Writer Average Pages Per Second: %12
                       Total Pages Queued to Disk: %13
                       Maximum Pages Queued to Disk: %14
                       Pages Queued to Disk Samples: %15
                       Total Metadata Pages Queued to Disk: %16
                       Maximum Metadata Pages Queued to Disk: %17
                       Metadata Pages Queued to Disk Samples: %18
                       Read Total Bytes: %19
                       Read Paged-In Total Bytes: %20
                       Read-Ahead Total Bytes: %21
                       Cache Hit Ratio (%): %22
                       Total Writes: %23
                       Total Hard-Throttle Writes: %24
                       Total Soft-Throttle Writes: %25
                       Total Synchronous Read IO Count: %26
                       Total Synchronous Non-Blocking Read IO Count: %27
                       Total Failed Synchronous Non-Blocking Read IO Count: %28
                       Synchronous Read IO Maximum Latency (us): %29
                       Synchronous Read IO Non-Blocking Maximum Latency (us): %30
                       Total Synchronous Write IO Count: %31
                       Total Synchronous Non-Blocking Write IO Count: %32
                       Total Failed Synchronous Non-Blocking Write IO Count: %33
                       Synchronous Write IO Maximum Latency (us): %34
                       Synchronous Write IO Non-Blockinig Maximum Latency (us): %35
                       Total Asynchronous Read IO Count: %36
                       Asynchronous Read IO Maximum Latency (us): %37

Fields #

Name	Description
`VolumeDeviceGuid` GUID	[Volume Periodic Cache Information] Device GUID.
`PeriodDurationMicroSec` UInt64	[Volume Periodic Cache Information] Period Duration (microseconds).
`TotalDirtyPages` UInt64	[Volume Periodic Cache Information] Total Dirty Pages.
`MaxDirtyPages` UInt64	[Volume Periodic Cache Information] Maximum Dirty Pages.
`TotalDirtyPageThreshold` UInt64	[Volume Periodic Cache Information] Total Dirty Page Threshold.
`TopDirtyPageThreshold` UInt64	[Volume Periodic Cache Information] Top Dirty Page Threshold.
`BottomDirtyPageThreshold` UInt64	[Volume Periodic Cache Information] Bottom Dirty Page Threshold.
`DirtyPageSamples` UInt64	[Volume Periodic Cache Information] Dirty Page Samples.
`LazyWriterCalls` UInt64	[Volume Periodic Cache Information] Total Lazy Writer Calls.
`TotalLazyWriterLatency` UInt64	[Volume Periodic Cache Information] Total Lazy Writer Latency.
`TotalLazyWriterPagesFlushed` UInt64	[Volume Periodic Cache Information] Total Lazy Writer Pages Flushed.
`LazyWriterAvgPagesPerSecond` UInt64	[Volume Periodic Cache Information] Lazy Writer Average Pages Per Second.
`TotalPagesQueuedToDisk` UInt64	[Volume Periodic Cache Information] Total Pages Queued to Disk.
`MaxPagesQueuedToDisk` UInt64	[Volume Periodic Cache Information] Maximum Pages Queued to Disk.
`PagesQueuedToDiskSamples` UInt64	[Volume Periodic Cache Information] Pages Queued to Disk Samples.
`TotalLoggedPagesQueuedToDisk` UInt64	[Volume Periodic Cache Information] Total Metadata Pages Queued to Disk.
`MaxLoggedPagesQueuedToDisk` UInt64	[Volume Periodic Cache Information] Maximum Metadata Pages Queued to Disk.
`LoggedPagesQueuedToDiskSamples` UInt64	[Volume Periodic Cache Information] Metadata Pages Queued to Disk Samples.
`ReadTotalBytes` UInt64	[Volume Periodic Cache Information] Read Total Bytes.
`ReadPagedInTotalBytes` UInt64	[Volume Periodic Cache Information] Read Paged-In Total Bytes.
`ReadAheadTotalBytes` UInt64	[Volume Periodic Cache Information] Read-Ahead Total Bytes.
`CacheHitRatio` UInt64	[Volume Periodic Cache Information] ).
`TotalWrites` UInt64	[Volume Periodic Cache Information] Total Writes.
`TotalHardThrottleWrites` UInt64	[Volume Periodic Cache Information] Total Hard-Throttle Writes.
`TotalSoftThrottleWrites` UInt64	[Volume Periodic Cache Information] Total Soft-Throttle Writes.
`TotalSynchronousReadIoCount` UInt64	[Volume Periodic Cache Information] Total Synchronous Read IO Count.
`TotalSynchronousNonBlockingReadIoCount` UInt64	[Volume Periodic Cache Information] Total Synchronous Non-Blocking Read IO Count.
`TotalFailedSynchronousNonBlockingReadIoCount` UInt64	[Volume Periodic Cache Information] Total Failed Synchronous Non-Blocking Read IO Count.
`SynchronousReadIoMaxLatency` UInt64	[Volume Periodic Cache Information] Synchronous Read IO Maximum Latency (us).
`SynchronousReadIoNonBlockingMaxLatency` UInt64	[Volume Periodic Cache Information] Synchronous Read IO Non-Blocking Maximum Latency (us).
`TotalSynchronousWriteIoCount` UInt64	[Volume Periodic Cache Information] Total Synchronous Write IO Count.
`TotalSynchronousNonBlockingWriteIoCount` UInt64	[Volume Periodic Cache Information] Total Synchronous Non-Blocking Write IO Count.
`TotalFailedSynchronousNonBlockingWriteIoCount` UInt64	[Volume Periodic Cache Information] Total Failed Synchronous Non-Blocking Write IO Count.
`SynchronousWriteIoMaxLatency` UInt64	[Volume Periodic Cache Information] Synchronous Write IO Maximum Latency (us).
`SynchronousWriteIoNonBlockingMaxLatency` UInt64	[Volume Periodic Cache Information] Synchronous Write IO Non-Blockinig Maximum Latency (us).
`TotalAsynchronousReadIoCount` UInt64	[Volume Periodic Cache Information] Total Asynchronous Read IO Count.
`AsynchronousReadIoMaxLatency` UInt64	[Volume Periodic Cache Information] Asynchronous Read IO Maximum Latency (us).

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-Kernel-Cache",
    "guid": "A2D34BF1-70AB-5B21-C819-5A0DD42748FD",
    "event_source_name": "",
    "event_id": 103,
    "version": 2,
    "level": 4,
    "task": 103,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2023-11-06T01:55:43.038617+00:00",
    "event_record_id": 102,
    "correlation": {},
    "execution": {
      "process_id": 4,
      "thread_id": 20724
    },
    "channel": "Microsoft-Windows-Kernel-Cache/Operational",
    "computer": "WinDev2310Eval",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "VolumeDeviceGuid": "00000000-0000-0000-0000-000000000000",
    "PeriodDurationMicroSec": 3644934575,
    "TotalDirtyPages": 0,
    "MaxDirtyPages": 0,
    "TotalDirtyPageThreshold": 0,
    "TopDirtyPageThreshold": 0,
    "BottomDirtyPageThreshold": 0,
    "DirtyPageSamples": 0,
    "LazyWriterCalls": 0,
    "TotalLazyWriterLatency": 0,
    "TotalLazyWriterPagesFlushed": 0,
    "LazyWriterAvgPagesPerSecond": 0,
    "TotalPagesQueuedToDisk": 0,
    "MaxPagesQueuedToDisk": 0,
    "PagesQueuedToDiskSamples": 0,
    "TotalLoggedPagesQueuedToDisk": 0,
    "MaxLoggedPagesQueuedToDisk": 0,
    "LoggedPagesQueuedToDiskSamples": 0,
    "ReadTotalBytes": 2097152,
    "ReadPagedInTotalBytes": 1048576,
    "ReadAheadTotalBytes": 0,
    "CacheHitRatio": 50,
    "TotalWrites": 0,
    "TotalHardThrottleWrites": 0,
    "TotalSoftThrottleWrites": 0,
    "TotalSynchronousReadIoCount": 8,
    "TotalSynchronousNonBlockingReadIoCount": 0,
    "TotalFailedSynchronousNonBlockingReadIoCount": 0,
    "SynchronousReadIoMaxLatency": 1581,
    "SynchronousReadIoNonBlockingMaxLatency": 0,
    "TotalSynchronousWriteIoCount": 0,
    "TotalSynchronousNonBlockingWriteIoCount": 0,
    "TotalFailedSynchronousNonBlockingWriteIoCount": 0,
    "SynchronousWriteIoMaxLatency": 0,
    "SynchronousWriteIoNonBlockingMaxLatency": 0,
    "TotalAsynchronousReadIoCount": 0,
    "AsynchronousReadIoMaxLatency": 0
  },
  "message": ""
}

References #

Example event sourced from https://github.com/NextronSystems/evtx-baseline