Now that you are somewhat familiar with a single ETW event, let’s illustrate what a typical HTTP request looks like. Here, I’ve made a simple HTTP request to a web server, IIS7 in this case.
I’ve taken the liberty of pulling out all important data from the XML file. You may notice that I've placed all the Data in the same cell for each event, this is simply to save space in this web format.
The first part of almost any Http.sys event trace are a series of events that shows we’ve received a request:
The rest of the trace can be interpreted as follows.
In the next ETW posts, we will discuss diagnosing typical Http.sys problems using Event Tracing.