Keyword (in SystemProvider)
Describes the kernel flags that can be enabled for the kernel-mode session.
Element Hierarchy
- <WindowsPerformanceRecorder>
- <Profiles>
- <SystemProvider>
- <Keywords (in SystemProvider)>
- <Keyword (in SystemProvider)>
- <CaptureStateOnStart>
- <Keyword (in SystemProvider)>
- <CaptureStateOnSave>
- <Keyword (in SystemProvider)>
- <CaptureStateOnDemand>
- <Keyword (in SystemProvider)>
- <Keywords (in SystemProvider)>
- <Profile>
- <Collectors>
- <SystemCollectorId>
- <SystemProviderId>
- <Keywords (in SystemProvider)>
- <Keyword (in SystemProvider)>
- <CaptureStateOnStart>
- <Keyword (in SystemProvider)>
- <CaptureStateOnSave>
- <Keyword (in SystemProvider)>
- <CaptureStateOnDemand>
- <Keyword (in SystemProvider)>
- <Keywords (in SystemProvider)>
- <SystemProvider>
- <Keywords (in SystemProvider)>
- <Keyword (in SystemProvider)>
- <CaptureStateOnStart>
- <Keyword (in SystemProvider)>
- <CaptureStateOnSave>
- <Keyword (in SystemProvider)>
- <CaptureStateOnDemand>
- <Keyword (in SystemProvider)>
- <Keywords (in SystemProvider)>
- <SystemProviderId>
- <SystemCollectorId>
- <Collectors>
- <SystemProvider>
- <Profiles>
Syntax
<Keyword Value = "AllFaults" | "CompactCSwitch" | "ContiguousMemorygeneration" | ...
Strict = "true" | "false"
RundownFlag = "Start" | "Stop">
</Keyword>
Attributes and Elements
Attributes
| Attribute | Description | Data type | Required | Default |
|---|---|---|---|---|
| Value | Describes the system Event Tracing for Windows (ETW) event. | See the Remarks section for possible values. | Yes | |
| Strict | Fails to start trace if the current OS does not supports the keyword. | boolean | No | false |
| RundownFlag | This attribute can have one of the following values:
|
Only required for Capturestate* keywords. | None |
Child Elements
None.
Parent Elements
| Element | Description |
|---|---|
| Keywords (in SystemProvider) | Represents a collection of system keywords. |
Remarks
The following table describes possible values for the Value attribute.
| Value | Description |
|---|---|
| AllFaults | All faults are logged. |
| CompactCSwitch | Used in connection with CSwitch, this reduces the information logged for each CSwitch, as well as uses differential compression and batching. |
| ContiguousMemorygeneration | Contiguous memory generation is logged. |
| CpuConfig | Changes in CPU configuration are logged. |
| CSwitch | Context switch activity is logged. |
| DiskIO | Disk I/O is logged. |
| DiskIOInitialization | Disk I/O initialization is logged. |
| DPC | Deferred procedure calls are logged. |
| Drivers | Driver activity is logged. |
| FileIO | File I/O is logged. |
| FileIOInit | File I/O initialization is logged. |
| Filename | The file name is logged. |
| FootPrint | Used to do memory analysis, this specifies to flush the working set on a special flush mark. |
| HardFaults | Hard faults are logged. |
| IdleStates | Idle states are logged. |
| Interrupt | Interrupts are logged. |
| KernelQueue | Changes to the kernel queue are logged. |
| Loader | Kernel and user mode load and unload events are logged. |
| Memory | Provides events about physical memory usage. |
| MemoryInfo | Provides basic information about the memory manager, such as number of free, used, and standby pages, and so on. |
| Pool | Changes to the memory pool are logged. |
| Power | Power consumption is logged. |
| ProcessCounter | Indicates that the profile has a process counter. |
| ProcessThread | Process and thread creation and deletion events are logged. |
| ReadyThread | Ready thread events are logged. |
| Registry | Changes to the registry are logged. |
| SampledProfile | The profile is sampled. |
| SpinLock | Spinlock information is logged. |
| SplitIO | Provides events about split I/O requests. Single I/O requests can be split into multiple requests because of disk fragmentation or other reasons. |
| SystemCall | System calls are logged. |
| ThreadPriority | Changes in thread priority are logged. |
| Timer | Provides events about the system timer. |
| VirtualAllocation | Virtual memory allocation is logged. |