GitHub - renatopagan/ETWSplitter: Split Event Tracing for Windows Files Into Smaller Pieces

ETWSplitter

I had a 4GB ETW file (event tracing for Windows) that I needed to analyze with Message Analyzer.

But Message Analyzer couldn't handle it because it was too large.

So I wanted to break the *.etl file up into smaller chunks so that my analysis tools could handle it in smaller pieces.

But this is a binary ETW trace. It is not as trivial to split these files as just a simple text file.

So I found the Microsoft.Diagnostics.Tracing.TraceEvent library which you can find on Nuget.

https://www.nuget.org/packages/Microsoft.Diagnostics.Tracing.TraceEvent/

I wrote this little program in 10 minutes to break up these *.etl files into smaller chunks.

Usage: ETWSplitter.exe <InputFile.etl> <OutputFile.etl> <#_of_Files> [compress]

No compression:

There is optional compression you can use too.

Really, this program is trivial, but was very useful to me and my colleagues at the time. All of the real magic is in the TraceEvent library, which isn't mine.

You can find a compiled ETWSplitter.exe in the Releases section.

Name		Name	Last commit message	Last commit date
Latest commit History 3 Commits
Properties		Properties
.gitattributes		.gitattributes
.gitignore		.gitignore
App.config		App.config
ETWSplitter.csproj		ETWSplitter.csproj
ETWSplitter.sln		ETWSplitter.sln
FodyWeavers.xml		FodyWeavers.xml
Program.cs		Program.cs
README.md		README.md
TraceEvent.ReadMe.txt		TraceEvent.ReadMe.txt
TraceEvent.ReleaseNotes.txt		TraceEvent.ReleaseNotes.txt
_TraceEventProgrammersGuide.docx		_TraceEventProgrammersGuide.docx
packages.config		packages.config
usage1.png		usage1.png

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

About

Releases

Packages

Languages

renatopagan/ETWSplitter

Folders and files

Latest commit

History

Repository files navigation

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages