Where is the PID/Image Name info?

All replies

  • Since we revamped the entire architecture, we haven't had a chance to add the exact same process tracking feature we had in Network Monitor.  For ETW-based traces (which is what Message Analyzer uses), you can group by the ProcessID, but it isn't using the exact same method, so the Process IDs reported could be different.

    Paul

    Wednesday, September 25, 2013 4:34 PM
    Owner
  • Paul, you have removed the main feature that had me using Network Monitor over Wireshark.  Is there any chance of it coming back?

    Britt

    Thursday, September 26, 2013 5:16 AM
  • Yes, it certainly is coming back.  Process Tracking was a complex feature that tied deeply into the capturing stack.  Moving forward, the capture stack is moving into the OS, which makes re-integration a slightly longer term goal.  But correlations is one of our mantras, so I think it has high priority.

    However, you can still organize by process in new traces, which might still be helpful.  For more details, read this blog about Grouping, a new correlation tool which perhaps you can see is the start of a more dynamic conversation tree.

    Paul

    Thursday, September 26, 2013 1:30 PM
    Owner
  • This took me a bit to figure out, so for anyone else, you can group by Process ID (PID) by adding EventRecord.Header.ProcessId to a column, then right-clicking that column header and selecting "Group".

    Step 1 (type in "EventRecord"):

    Step 2:

    It's not great though.  I've found some important network traffic with "0" in this column...



    Mike Crowley | MVP
    My Blog -- Planet Technologies


    Monday, October 28, 2013 11:48 PM