For example, the "Microsoft-Windows-Kernel-Power" source contains a large amount of power-related data; an event with ID 507, for instance, looks like this:
<Event
xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Power" Guid="{331c3b3a-2005-44c2-ac5e-77220c37d6b4}" />
<EventID>507</EventID>
<Version>9</Version>
<Level>4</Level>
<Task>158</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000604</Keywords>
<TimeCreated SystemTime="2020-07-09T11:29:26.1076974Z" />
<EventRecordID>6722</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="17512" />
<Channel>System</Channel>
<Computer>DESKTOP-3CI3S1R</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="EnergyDrain">10879</Data>
<Data Name="ActiveResidencyInUs">20185268</Data>
<Data Name="NonDripsTimeActivatedInUs">93507145</Data>
<Data Name="FirstDripsEntryInUs">0</Data>
<Data Name="DripsResidencyInUs">0</Data>
<Data Name="DurationInUs">20185268</Data>
<Data Name="DripsTransitions">0</Data>
<Data Name="FullChargeCapacityRatio">96</Data>
<Data Name="AudioPlaying">false</Data>
<Data Name="Reason">31</Data>
<Data Name="AudioPlaybackInUs">0</Data>
<Data Name="NonActivatedCpuInUs">498137</Data>
<Data Name="PowerStateAc">false</Data>
<Data Name="HwDripsResidencyInUs">0</Data>
<Data Name="ExitLatencyInUs">14</Data>
<Data Name="DisconnectedStandby">true</Data>
<Data Name="AoAcCompliantNic">true</Data>
<Data Name="NonAttributedCpuInUs">0</Data>
<Data Name="ModernSleepEnabledActionsBitmask">0</Data>
<Data Name="ModernSleepAppliedActionsBitmask">0</Data>
<Data Name="LidOpenState">true</Data>
<Data Name="ExternalMonitorConnectedState">false</Data>
<Data Name="ScenarioInstanceId">141</Data>
<Data Name="IsCsSessionInProgressOnExit">false</Data>
<Data Name="BatteryRemainingCapacityOnExit">45433</Data>
<Data Name="BatteryFullChargeCapacityOnExit">58003</Data>
<Data Name="ScenarioInstanceIdV2">139</Data>
<Data Name="BootId">11</Data>
<Data Name="InputSuppressionActionCount">0</Data>
<Data Name="NonResiliencyTimeInUs">18446744073630679738</Data>
<Data Name="ResiliencyDripsTimeInUs">28910641341</Data>
<Data Name="ResiliencyHwDripsTimeInUs">0</Data>
<Data Name="GdiOnTime">0</Data>
<Data Name="DwmSyncFlushTime">0</Data>
<Data Name="MonitorPowerOnTime">2674780</Data>
<Data Name="SleepEntered">true</Data>
<Data Name="ScreenOffEnergyCapacityAtStart">45494</Data>
<Data Name="ScreenOffEnergyCapacityAtEnd">45494</Data>
<Data Name="ScreenOffDurationInUs">2128949</Data>
<Data Name="SleepEnergyCapacityAtStart">45494</Data>
<Data Name="SleepEnergyCapacityAtEnd">45433</Data>
<Data Name="SleepDurationInUs">18078525</Data>
<Data Name="ScreenOffFullEnergyCapacityAtStart">58003</Data>
<Data Name="ScreenOffFullEnergyCapacityAtEnd">58003</Data>
<Data Name="SleepFullEnergyCapacityAtStart">58003</Data>
<Data Name="SleepFullEnergyCapacityAtEnd">58003</Data>
</EventData>
</Event>
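Where can I get the schema for this specific event and other possible events?
Answer 1
Where can I get the schema for this specific event and other possible events?
You can view the schema at [MS-EVEN6]: Event | Microsoft Docs: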
<xs:schema
  targetNamespace="http://schemas.microsoft.com/win/2004/08/events/event"
  elementFormDefault="qualified"
  xmlns:xs="http://www.w3.org/2001/XMLSchema"
  xmlns:evt="http://schemas.microsoft.com/win/2004/08/events/event">
...
Alternatively, you can download the Windows SDK:
The Windows SDK contains the schema in the file \Include\Event.xsd.