Elastic Windows Event Explorer


Publisher - Microsoft-Windows-Storage-Tiering-IoHeat

Event ID 3

Message:

WRITE - Volume: %{VolumeIdHash} File: %{FileIDLower}%{FileIDUpper} Offset: %{Offset} Length %{Length}

Event Data:

# Name In Type
Out Type
1 FileIDLower win:UInt64 xs:unsignedLong
2 FileIDUpper win:UInt64 xs:unsignedLong
3 Offset win:UInt64 xs:unsignedLong
4 Length win:UInt32 xs:unsignedInt
5 VolumeIdHash win:UInt32 xs:unsignedInt

Observed Windows Versions:

Version: 0

Fingerprint: LUZSJHKEWFTYU