
how to fix: event logs lost during data collection


3 replies to this topic

#1 catcomp


Posted 08 February 2016 - 04:05 PM

Whenever I run a System Diagnostics Report for Windows 10, there is always a warning like this:

 

"Investigate why 13% (5,128) events were lost during data collection. The settings for Event Tracing for Windows (ETW) maximum buffers and buffer size may not be optimal depending on which data sets are being collected."

 

I have searched in vain for understandable guidance about how to determine if the ETW settings and buffer size are the problem and how to fix this.

 

Windows 10, version 1511, 64 bit

 

I would appreciate a response geared for someone who is not a geek (but has aspirations!).

 

Thank you.





#2 usasma


Posted 10 February 2016 - 07:00 AM

Response geared for someone who is not a geek: "Sometimes stuff doesn't happen." :0)

(just kidding!)

This is actually a very complicated topic that I can only skim the surface of.

 

For one, a hardware error that occurs below the ability of Windows to detect it will not show an error.

 

Another is that if you have too many errors, the buffers won't allow collecting more (depending on the system rules).

 

Events are not the same thing as errors. If you scan the typical logfiles, you'll see many, many entries labeled as "Information" and relatively few labeled as "Warning", "Error", or "Critical" events.

 

ETW for Windows isn't often worked on by people in the online forums, so understanding it will take a lot of research on your own. I don't pretend to understand it myself.

In the past I had tried to study it enough to understand if its reports would help with BSOD analysis - but had to give up when I couldn't find enough information to make the study worth my time.

 

Finally, it appears that some of the events aren't collected because of their size.  If they're too big or too small, then they won't be collected.  And the user has no control over this as they are determined by the programmer.  Read about Missing Events in the first link below:

 

https://msdn.microsoft.com/en-us/library/windows/desktop/aa363668%28v=vs.85%29.aspx

http://blogs.msdn.com/b/visualizeparallel/archive/2010/01/04/adjusting-buffer-settings-for-event-tracing-for-windows-etw.aspx (article on how to adjust the buffers)

http://windowsitpro.com/systems-management/inside-event-tracing-windows (an article about ETW)


My browser caused a flood of traffic, so my IP address was banned. Hope to fix it soon. Will get back to posting as soon as I'm able.

- John (my website: http://www.carrona.org/ )
**If you need a more detailed explanation, please ask for it. I have the Knack.**
If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficulty reading posts. (23 Nov 2017)
FYI - I am completely blind in the right eye and ~30% blind in the left eye.
If the eye problems get worse suddenly, I may not be able to respond. If that's the case and help is needed, please PM a staff member for assistance.
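An added illustration, not part of the original posts and not ETW's actual implementation: a simplified Python model of a trace session with a fixed buffer size and a maximum buffer count, showing how events are lost when buffers fill faster than they are flushed or when a single event is larger than a buffer. The function names, parameters and workload are all constructed for this example.

```python
# Simplified model of a trace session's buffers (constructed for illustration;
# this is not how ETW is implemented internally).

def simulate(ticks, buffer_bytes, max_buffers, flushed_per_tick):
    """Return (logged, lost) event counts.

    ticks            -- list of lists of event sizes in bytes, one list per tick
    buffer_bytes     -- size of each buffer
    max_buffers      -- total buffers the session may hold
    flushed_per_tick -- full buffers the writer drains at the end of each tick
    """
    full = 0   # full buffers waiting to be flushed
    used = 0   # bytes used in the buffer currently being filled
    logged = lost = 0
    for sizes in ticks:
        for size in sizes:
            if size > buffer_bytes:            # can never fit in any buffer
                lost += 1
                continue
            if used + size > buffer_bytes:     # current buffer is full
                if full + 1 >= max_buffers:    # no free buffer to switch to
                    lost += 1
                    continue
                full += 1
                used = 0
            used += size
            logged += 1
        full = max(0, full - flushed_per_tick)
    return logged, lost


def lost_percent(logged, lost):
    """Share of all generated events that were lost, as a whole percent."""
    total = logged + lost
    return round(100 * lost / total) if total else 0


# Constructed workload: 10 ticks, each producing 100 events of 1,000 bytes.
BURST = [[1000] * 100 for _ in range(10)]

if __name__ == "__main__":
    for size_kb, count in [(4, 4), (64, 4), (4, 64)]:
        logged, lost = simulate(BURST, size_kb * 1024, count, flushed_per_tick=10)
        print(f"{size_kb:>2} KB x {count:>2} buffers: logged={logged} "
              f"lost={lost} ({lost_percent(logged, lost)}%)")
```

In this model, larger buffers remove the loss for this workload, while adding more small buffers only absorbs the burst for a few ticks because the writer still drains fewer buffers than the producer fills.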

#3 catcomp


Posted 05 March 2016 - 09:54 AM

Thank you for taking the time to write such an informative response.  It is helpful.



#4 usasma


Posted 06 March 2016 - 05:48 AM

Thanks for the kind words.

The point of the online forums is to share information - not just between you and me, but to also make our discussion available for others to see.

I try to keep that in mind when I reply - as that's how I got started here (by reading others' posts).

Good luck!





