
Using the BSV Features

The procedures in this section encapsulate the main functionalities described in the Importing Message Data section. The procedures demonstrate how to do the following:

Load and Display Saved Data — shows how to browse for data sources that contain a message collection you want to import through a Browse Session and then display it.

Select Specific Data from a Data Source — shows how to select specific data from saved data sources by applying a Selection Filter to the import process via a Browse Session.

Display Different Data Viewers for Session Results — shows how to view results in selected data viewers that provide different presentation formats.

Load Saved Data with Quick Open — shows how to quickly load and display data from a saved file by using the Quick Open feature.

Load Saved Data From Recent Files — shows how to quickly load and display data from a saved file by using the Recent Files feature.

Import and Save a Message Collection — shows how to import a message collection from multiple files and save it to a single file following data assessment or manipulation.

Important  If you have not logged off Windows after the first installation of Message Analyzer, please log off and then log back on before performing these procedures. This action ensures that all subsequent logons receive the required security credentials for the Message Capture Users Group. Otherwise, you will be unable to capture network traffic at the Firewall or Link Layer, unless you start Message Analyzer with the right-click Run as administrator option.
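The check below is an added example, not part of the original Message Analyzer documentation. It compares the groups in the current logon token with the stored membership of the local group to tell whether a log off is still pending. It assumes the group is named Message Capture Users on the local computer and tests direct membership only; the function name is hypothetical.

```powershell
# Added example. Assumption: the local group is named 'Message Capture Users'.
function Test-CaptureGroupState {
    param([string]$Name = 'Message Capture Users')

    $group = Get-LocalGroup -Name $Name -ErrorAction SilentlyContinue
    if (-not $group) {
        return [pscustomobject]@{ State = 'GroupMissing'
            Detail = "Local group '$Name' was not found on this computer." }
    }

    $identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()

    # Group SIDs in the access token are fixed when the logon session is created.
    $tokenSids = @($identity.Groups | ForEach-Object { $_.Value })
    $inToken   = $tokenSids -contains $group.SID.Value

    # Stored membership changes immediately, without a new logon.
    # Direct members only: membership through a nested group is not resolved here.
    $members  = @(Get-LocalGroupMember -Group $Name -ErrorAction SilentlyContinue)
    $isMember = @($members | ForEach-Object { $_.SID.Value }) -contains $identity.User.Value

    # An elevated process (Run as administrator) can capture without the group.
    $principal = New-Object System.Security.Principal.WindowsPrincipal($identity)
    $elevated  = $principal.IsInRole(
        [System.Security.Principal.WindowsBuiltInRole]::Administrator)

    if ($inToken) {
        $state = 'Ready'; $detail = 'The current logon token carries the group.'
    } elseif ($isMember) {
        $state = 'LogOffRequired'
        $detail = 'Account is a member, but this logon session predates the change.'
    } elseif ($elevated) {
        $state = 'ElevatedOnly'
        $detail = 'Not a member; capture works only because the process is elevated.'
    } else {
        $state = 'NotMember'
        $detail = 'Account is not a direct member of the group.'
    }

    [pscustomobject]@{ State = $state; Detail = $detail; Elevated = $elevated }
}

Test-CaptureGroupState | Format-List
```

A result of LogOffRequired corresponds to the situation the note describes: the membership exists, but the session was created before it was granted.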

Load and Display Saved Data

In the following procedure, you will load saved trace data through a Browse Session and display it in the Message Analyzer default Analysis Grid viewer.

To use a Browse Session to load and display saved data

  1. From the Start menu or taskbar of a target computer, click the Microsoft Message Analyzer icon to open Message Analyzer.

  2. Click the Message Analyzer File tab to display the Backstage and then click Browse to display the Browse Session configuration interface from where you can import saved trace data into the Message Analyzer.

  3. In the Import files pane of the Browse Session configuration, click Add Files to launch the Open dialog and then navigate to the trace file/s containing the data you want to display.

  4. In the Open dialog, select the file/s containing the data you want to import, then click Open.

  5. In the Import files list, place a check mark in the check box next to the file/s containing the data you want to import.

    If you need to search for specific data in suitably named files, as described in Naming Saved Files, enter the appropriate characters in the Import files search box to highlight them in the list.

  6. Click the View With button to automatically select the Analysis Grid viewer and begin importing the data.

    The imported data displays in the Analysis Grid viewer on the Message Analyzer Home tab.

  7. To import data from one or more additional log files, click the Configuration button in the Session group on the Ribbon of the Home tab to return to the current Browse Session.

  8. Click Add Files to add one or more log files to the Import files list and then place a check mark in the check box next to each file containing data you want to import into your message collection.

  9. Click the Apply Changes button to display the imported data in the Analysis Grid viewer on the Message Analyzer Home tab.

Select Specific Data from a Data Source

In the following procedure, you will select specific trace data to retrieve through a Browse Session, by adding a Selection Filter to the import process.

To select specific data from a Browse Session

  1. Perform steps 1 through 4 of the procedure in Load and Display Saved Data.

  2. In the Selection Filter pane of the Browse Session, configure a Filter Expression or select one from the Library in the Selection Filter pane to filter the imported messages to specific criteria.

    For example, you might add a simple expression such as ip4.address==192.168.1.1 to filter for messages containing that address. You can also add a recently used filter from the History drop-down list.

  3. Confirm the validity of the expression by clicking the Verify button.

    If you have an invalid expression, a Compile query error message will be displayed.

  4. Click the View With button to select the default Analysis Grid viewer and begin importing the data, or alternatively, click the down arrow on the Analysis Grid icon and select a data viewer in which to display the imported data.

    The imported data displays in the selected viewer on the Message Analyzer Home tab.

  5. To return to your Browse Session to specify a different Filter Expression or message collection configuration for the import, click the Configuration button in the Session group on the Ribbon of the Message Analyzer Home tab.

    Note  If you make any changes to the original Browse Session configuration, Message Analyzer provides one of the following notifications, as appropriate:

    • Adding files requires additional processing time.

    • Removing files or adding filters results in reloading all the data from the target import files.

    You also have the option to return to the original Browse Session configuration after making changes — but before applying them with Apply Changes — by clicking the Undo Changes button in the Modifying Session information bar.

  6. After you have modified the Browse Session by configuring a Filter Expression or by adding one from the Library in the Selection Filter pane, click the Apply Changes button to view the results of the new browse configuration in the data viewer you initially selected.

    Note  When you modify a Browse Session, you cannot also change the data viewer. After clicking Apply Changes, the imported data will continue to display in the data viewer that you initially specified. If you want to display the imported data in a different data viewer, you will need to create a new Browse Session and specify the viewer you want.

Display Different Data Viewers for Session Results

In the following procedure, you will display different views of your message collection data by opening additional data viewers. You might change data viewers to obtain different analytical perspectives when assessing your data.

To display different data viewers

  1. Perform a data import by following the steps of one of the previous procedures, as appropriate.

    Note  You could also run a Trace Session to add its data to the viewer configurations you will be using.

  2. The imported data displays in the Analysis Grid viewer on the Message Analyzer Home tab.

  3. Observe the left margin of the Message Analyzer Home tab to ensure that the Session Explorer tool window is open. If not, open it by selecting the Session Explorer item in the Tool Windows drop-down in the Windows group on the Ribbon of the Message Analyzer Home tab.

  4. To create a different view of data, right-click a Browse Session in the Session Explorer tool window, highlight New Viewer, and then select the Protocol Dashboard item under Charts.

  5. The Protocol Dashboard viewer of the trace data displays on the Message Analyzer Home tab.

    The Protocol Dashboard viewer contains several visualizer components, including Top Level Protocols Summary bar and pie charts, a Top Level Protocols Summary message count grid, and a Top Level Protocols Over Time chart in X-Y axis format that displays message count per protocol versus the trace timeline.

  6. Repeat step 3 and configure a different data viewer that displays SMB Reads and Writes.

    Note  This viewer will display data only if SMB, SMB2, or SMB3 protocol packets were captured in the trace.

  7. Right-click a Browse Session in the Session Explorer tool window, highlight New Viewer, and then select the Sequence Match item under Common.

    Note  To execute a sequence expression, you will need to select one from the Sequence Expression drop-down in the View Options group on the Ribbon, by placing a check mark in a sequence expression check box in the menu that appears.

  8. To poll through the various data viewers for analysis purposes, click the session nodes for each viewer type under the appropriate Browse Session in the Session Explorer tool window.

    Tip  Because the Sequence Match viewer interacts with the Analysis Grid, it may be useful to redock these viewers so that you can drive message selection in the Analysis Grid from the Sequence Match viewer. See Redocking Data Viewers and Tool Windows for more information.

  9. Repeat these steps to specify different data viewers for the Trace Session, if you ran one.

    Tip  Comparing live capture data with associated data imported from a Browse Session provides a convenient method for analyzing current and historical data.

Load Saved Data with Quick Open

In the procedure that follows, you will display data quickly from a saved trace file by using the Quick Open feature.

To quickly open a saved file and display its data

  1. From the Start menu or taskbar of a target computer, click the Microsoft Message Analyzer icon to open Message Analyzer.

  2. Click the Message Analyzer File tab to display the Backstage and then click Quick Open to launch the Message Analyzer Open dialog. You can also use the keyboard shortcut Ctrl+O to open a trace file or log.

  3. Navigate to the saved trace file containing the data you want to display and then click Open.

    The saved trace data displays in the Message Analyzer Analysis Grid viewer.

Load Saved Data From Recent Files

In the procedure that follows, you will quickly load and display trace data by using the Recent Files feature.

To quickly load and display saved data

  1. From the Start menu or taskbar of a target computer, click the Microsoft Message Analyzer icon to open Message Analyzer.

  2. From the Message Analyzer Start Page, click a trace file under Recent Files to quickly display its data in the Message Analyzer Analysis Grid viewer.

  3. Alternatively, drag and drop one or more saved trace files onto the Message Analyzer Start Page.

    Note  In drag-and-drop mode, the loaded data from each selected file displays in separate Analysis Grid viewer tabs on the Message Analyzer Home tab.

Import and Save a Message Collection

In the procedure that follows, you will import a message collection consisting of data from multiple files and you will save it to a single file in one of the Message Analyzer native file formats.

To save imported data as a message collection

  1. From the Start menu or taskbar of a target computer, click the Microsoft Message Analyzer icon to open Message Analyzer.

  2. Click the Message Analyzer File tab to display the Backstage and then click Browse to launch the Browse Session configuration interface.

  3. In the Import files pane, click Add Files to display the Open dialog.

  4. In the Open dialog, navigate to one or more files such as log and trace files.

    This might consist of any combination of .matu, .matp, .cap, .etl files, and so on. For example, you could import several log files containing message data that you want to aggregate for analysis purposes.

  5. In the Import files list, place a check mark in the checkbox next to the files containing the data you want to import.

  6. If there is specific data in the import files that you want to isolate, for example, from one or more large log files, you can specify a Filter Expression in the Selection Filter pane by configuring one manually or by adding a predefined filter from the centralized Filter Expression Library.

  7. Click the Verify icon to ensure that you specified a valid Filter Expression.

    If you specified an invalid Filter Expression, you will receive a Compile query error.

  8. When you are ready to import the data, click the View With button to automatically select the default Analysis Grid viewer and begin the import process. Alternatively, click the down arrow on the Analysis Grid icon and select a different data viewer from the menu that displays to start the import process.

    The data from the import files that you specified is loaded into Message Analyzer and displays in the data viewer that you selected.

  9. After you have loaded data, you normally will manipulate the data to further isolate specific messages of interest. For example, you can do this by Grouping data, sorting columns, adding columns for new field data, specifying Column Filters, and applying Color Rules; by specifying Viewpoints, Quick Filters, View Filters, and Column Layouts; and by selecting different data viewers and other visualizer components to enhance your analytical perspectives.

    To learn more about manipulating message data for analysis purposes, see the procedures in Using the Filtering Features.

  10. When you have a set of messages that is representative of a particular issue, such as a group of errors that might have occurred in some module at a specific source or destination address, highlight the messages of interest by either of the following actions:

    • Hold down the Ctrl key and select each message row of interest with the mouse pointer.

    • Select a starting message row, hold down the Shift key, and then select any contiguous block of message rows with the Down Arrow key.

  11. Click the Message Analyzer File tab to display the Backstage and then click Save As to display the Save/Export Session dialog.

  12. In the Save/Export Session dialog, select the Selected Messages radio button and then click the Save As button to display the Save As dialog, from where you can save your selected messages in .matp file format.

    Optionally, you can export your selected messages in .cap file format by selecting the Export radio button.

  13. From the Save As dialog, navigate to the directory location where you want to save the selected message data.

  14. In the File name text box of the Save As dialog, specify a name for the message file.

    Note that you can only save data in the .matp file format.

  15. Click Save when finished.

© 2014 Microsoft