IMPORTANT ANNOUNCEMENT FOR OUR READERS!
AskPFEPlat is in the process of a transformation to the new Core Infrastructure and Security TechCommunity, and will be moving by the end of March 2019 to our new home at https://aka.ms/CISTechComm (hosted at https://techcommunity.microsoft.com). Please bear with us while we are still under construction!
We will continue bringing you the same great content, from the same great contributors, on our new platform. Until then, you can access our new content on either https://aka.ms/askpfeplat as you do today, or at our new site https://aka.ms/CISTechComm. Please feel free to update your bookmarks accordingly!
Why are we doing this? Simple really; we are looking to expand our team internally in order to provide you even more great content, as well as take on a more proactive role in the future with our readers (more to come on that later)! Since our team encompasses many more roles than Premier Field Engineers these days, we felt it was also time we reflected that initial expansion.
If you have never visited the TechCommunity site, it can be found at https://techcommunity.microsoft.com. On the TechCommunity site, you will find numerous technical communities across many topics, which include discussion areas, along with blog content.
NOTE: In addition to the AskPFEPlat-to-Core Infrastructure and Security transformation, Premier Field Engineers from all technology areas will be working together to expand the TechCommunity site even further, joining together in the technology agnostic Premier Field Engineering TechCommunity (along with Core Infrastructure and Security), which can be found at https://aka.ms/PFETechComm!
As always, thank you for continuing to read the Core Infrastructure and Security (AskPFEPlat) blog, and we look forward to providing you more great content well into the future!
Hey y’all Mark here with a post we should have written a long time ago. I obviously will blame someone else. It’s probably Tom Moser’s fault. Anyway, for those that have been fighting the good fight against SBSL and reading our blog you are probably very familiar with the tool Xperf. We’ve done five posts on that topic which can be found here. Xperf is a great tool but it has some areas to improve. Then James Klepikow showed you how to use the new and improved Windows Performance Recorder to capture a trace. So long remembering a super long command when you could just check some boxes, hit start and you had your data. Then you opened your data in Windows Performance Analyzer (WPA) and it looked like this.
Then you had no idea what to do next. So you probably moved your trace file back to a system that had Xperf on it and pretended like nobody saw it. You are not alone. I too felt the same way. Some of us PFEs that used WPA hit the ground running with this thing and never looked back. Some did not. I did not. I hit the ground and left a Wile E. Coyote hole shaped like me. Fear not, I have survived the fall and will show you how you probably did things in Xperf and now how to do them in WPA. We’ll have you moving like the Road Runner in no time. Let’s get to a few quick tips.
Some Basics and Process Lifetimes
The first thing you probably noticed is our graphs are all on the left. There is no more default view you are used to seeing. As our text indicates drag the graph you want to investigate to the right to start getting more info from that graph. You can order the graphs in the main window any way you want! Here I’ve selected our old friend Process Lifetimes and dragged him over.
Few things to notice. First, the time bar goes across the bottom for all charts, in Xperf each chart had the same duplicate time data. Second, this looks very similar to how the Xperf process lifetimes looked but cleaner. I know what you are thinking though. “Hey man, I tried right click and pick ‘Select Summary Table’ so I could sort and move columns around and it doesn’t exist. I used that all the time what gives?” You are correct you cannot do that. There is a new way to accomplish this though. In the upper right corner there a few different views you can select. Click the left most one.
There is your same view but even better. As you switch the columns around the data above will change how it’s displayed and even highlight the graph as you work. For example I’ve sorted my table by Start Time and picked the process winlogin.exe. The upper data set changed from the default (Lifetime type) to Start Time to reflect this. It also highlighted the time of when this process is running and shows exactly where it starts and ends in the graph all automagically.
This is obviously awesome.
Finding Slow Services
We’ll use the same techniques we used in Xperf, look for services that are long running. To start with, the services graph is on the left, grab and drag it over. It’s located under System Activity.
Now I know what you are thinking, “Hey man, I use to have way more services starting up than this where did they all go?” They are actually being grouped by service groups which is very similar to Xperf where they would show up as [Group: Name]. If they don’t belong to a service group they are now listed under Group None. To see them all expand the Group: None. Then continue your hunt. Here we can see sftlist is taking a long time to start. We can also see where that is affecting the boot time in the boot phases graph that we’ve also added.
All the highlighting across all charts happens automatically. This is also very useful and sweet.
Finding Disk Usage by Process
This one is a little bit trickier. First start by taking where it says Storage and dragging it to the right. It should look similar to this.
Then you’ll want to change our view to display both graph and table like we did before. Click the left most view button. Then take the column Process and drag it all the way to the left. The table will then sort by this and the graph will update as well. I’ve clicked on the system process which gives a tool tips, highlights the process on all charts and tables.
You can clearly see what process is taking most disk time and where on the timeline it’s the most active. Don’t forget you can continue to drag and add columns next to the yellow bar to continue changing how you are sorting your view. Let us know in the comments what you think and look for more posts in the future on how to fully utilize Windows Performance Analyzer.
Mark “beep, beep” Morowczynski