I’ve collected a list of simple tips and tricks that I’d like to share with you. They provide simple techniques that you can apply to any problem.
Filtering is very powerful. In the centralized Filter Library, there are many examples that can help you learn the filtering language. At times, though, you might just want to search for some text that is buried somewhere in the data you are searching through. This could be a file or user name, or perhaps some piece of data that you know exists. You can quickly locate such data by using the “contains” keyword in a filter expression. In the central Filter Library there are a number of predefined filter expressions that show you how to find text and other patterns in various formats or encodings. These examples use the “contains” keyword and consist of the following:
Filtering is good for getting rid of unnecessary data, and for focusing on specific things. However, there are times when you simply need to find the next occurrence of something. In the View Filter group on the Ribbon of the Message Analyzer Home tab, you can change from the Filter mode to the Find mode. The Find mode enables your search to jump to the next occurrence of a match. For example, after you set the Find mode, you can specify a filter expression in the Find Messages text box and then click the Find binoculars icon to locate the next occurrence of a match. Moreover, if you wanted to locate a specific frame, you could create a filter such as the following to jump to the next occurrence of the frame:
Of course, if you have imported multiple log files, there could be more than one instance of that message number. By clicking the Find binoculars icon successively (or by pressing the F3 key on your keyboard), you can find each occurrence that matches the specified message number.
Note: The Find function will only highlight the next occurrence of a match to top-level messages. If there is a match to a message in the underlying stack, the Find function will highlight such an occurrence only if the message nodes that conceal it are expanded.
This simple technique shows you all the protocols and modules in a trace and separates them into different groups. It’s a nice way to organize and explore trace data. The following figure shows the results of performing a Group operation on the Module column of the Analysis Grid viewer. To see a full list of groups, note that you can right-click the Module label and select Collapse All Groups from the menu that appears.
You can display a TCP with Network Grouping layout configuration immediately by selecting it from the View Layout drop-down in the View Options group on the Ribbon of the Message Analyzer Home tab. This view layout configuration also adds some TCP-specific columns for an additional data analysis perspective. Note that you can build hybrid views with just conversations, or just the column layouts; for details, see the More Information section.
Sometimes sorting by Timestamp can cause a dip in performance during analysis, but when messages are sorted into chronological order, certain issues are more easily resolved. By default, Message Analyzer shows messages in the order in which they were processed, which can sometimes cause confusion.
The Message Stack tool window, formerly known as the Call Stack, provides a quick view of the message stack that underlies any selected top-level message, as shown in the figure that follows:
You can open the Message Stack tool window from the Tool Windows drop-down menu in the Windows group on the Ribbon of the Message Analyzer Home tab. You can then see each stack layer and potentially how messages are grouped together due to operations or fragmentation. You can also select a part of the stack to view its details in the Details tool window.
If you use the Column Chooser to add an ElapsedTime column to the Analysis Grid and click twice on the column header, Message Analyzer performs a sort that shows the highest values at the top. This view can tell you which operations (request/response pairs) took the longest to complete. This total completion time includes the time it takes to report all the message fragments in both directions. So sorting by ElapsedTime might provide an indication that you have a network issue, such as delayed or dropped packets, or otherwise point you to a service-related issue.
If you use the Column Chooser to add a ResponseTime column to the Analysis Grid and click twice on the column header, the sorted data shows you the highest response times. ResponseTime indicates the time it takes to send the first message back, for example, from an initial request. This data can tell you how long a service is taking to respond, which, for the most part, removes the network from the equation. The term “service” is used loosely here, meaning any communication that involves a request/response message pair.
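The difference between the ElapsedTime and ResponseTime columns can be reproduced over exported fragment timestamps. The following is an added example, not code from the original article or from Message Analyzer. The record layout, the 0.5-second threshold, the verdict labels, and the choice to measure ResponseTime from the last request fragment are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample: (operation_id, direction, timestamp_seconds) per fragment.
# This layout is an assumption for the example, not a Message Analyzer export format.
FRAGMENTS = [
    ("op1", "request", 0.000), ("op1", "response", 0.010), ("op1", "response", 0.900),
    ("op2", "request", 1.000), ("op2", "request", 1.005),
    ("op2", "response", 1.650), ("op2", "response", 1.660),
    ("op3", "request", 2.000), ("op3", "response", 2.015), ("op3", "response", 2.020),
    ("op4", "request", 3.000),  # request with no captured response
]

def operation_timings(fragments):
    """Return {op_id: (elapsed, response)} for operations that have both sides."""
    by_op = defaultdict(lambda: {"request": [], "response": []})
    for op_id, direction, ts in fragments:
        by_op[op_id][direction].append(ts)
    timings = {}
    for op_id, sides in by_op.items():
        if not sides["request"] or not sides["response"]:
            continue  # incomplete pair: neither value is defined
        # Elapsed: first request fragment to last response fragment (both directions).
        elapsed = max(sides["response"]) - min(sides["request"])
        # Response: last request fragment to first message sent back (assumed start point).
        response = min(sides["response"]) - max(sides["request"])
        timings[op_id] = (round(elapsed, 6), round(response, 6))
    return timings

def triage(fragments, threshold=0.5):
    """Sort by elapsed time, highest first, and say where to look next."""
    rows = sorted(operation_timings(fragments).items(),
                  key=lambda kv: kv[1][0], reverse=True)
    result = []
    for op_id, (elapsed, response) in rows:
        if elapsed < threshold:
            hint = "ok"
        elif response >= threshold:
            hint = "service"   # slow before the first byte came back
        else:
            hint = "network"   # fast first reply, slow to deliver all fragments
        result.append((op_id, elapsed, response, hint))
    return result

if __name__ == "__main__":
    for row in triage(FRAGMENTS):
        print(row)
```

The hints are starting points for investigation only; a slow operation with a fast first reply can also be a service that streams its response slowly.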
If you want a high-level view of things that could potentially be of concern, you can display the Diagnostics tool window from the previously indicated Tool Windows drop-down menu. You can also Ignore errors in this tool window that you don’t need to evaluate and you can click any message to bring it into focus in any open data viewer, such as the Analysis Grid.
For new users, it’s nice to have a list of things you can try. I find myself repeatedly using these same techniques across different types of problems, as the means of obtaining the information I need to resolve troubleshooting issues.
For additional details about some of the concepts described in this article, see the following topics in the Message Analyzer Operating Guide on TechNet: