The action allows exporting information about processes into a CSV data. The information can be saved to a file or a variable. There are a total of 45 fields available. The list of fields with types is provided below:
CreationClassName - string; Caption - string; CommandLine - string; CreationDate - datetime; CSCreationClassName – string; CSName - string; Description - string; ExecutablePath - string; ExecutionState - integer; Handle - string; HandleCount - integer; InstallDate - datetime; KernelModeTime - integer; MaximumWorkingSetSize - integer; MinimumWorkingSetSize - integer; Name – string; OSCreationClassName - string; OSName - string; OtherOperationCount - integer; OtherTransferCount - integer; PageFaults - integer; PageFileUsage - integer; ParentProcessId - integer; |
PeakPageFileUsage - integer; PeakVirtualSize - integer; PeakWorkingSetSize - integer; Priority - integer; PrivatePageCount - integer; ProcessId - integer; QuotaNonPagedPoolUsage - sytring; QuotaPagedPoolUsage - integer; QuotaPeakNonPagedPoolUsage - integer; QuotaPeakPagedPoolUsage - integer; ReadOperationCount - integer; ReadTransferCount - integer; SessionId - integer; Status - string; TerminationDate - datetime; ThreadCount - integer; UserModeTime - integer; VirtualSize - integer; WindowsVersion - string; WorkingSetSize - integer; WriteOperationCount - integer; WriteTransferCount - integer; |
More detailed information about the structure of process information can be found in the Microsoft documentation:
https://learn.microsoft.com/en-us/windows/win32/cimwin32prov/win32-process
Since there are many fields, you can choose which fields to display. By default, 9 fields are suggested, which are most commonly used in work:
•CommandLine: The full command line used to launch the application.
•CreationDate: The time when the process was started.
•ExecutablePath: The full path of the process executable file.
•Handle: The process handle, equal to ProcessID.
•HandleCount: The number of system handles open in the process.
•Name: The name of the process.
•ParentProcessId: The PID of the parent process.
•SessionId: The user session number. 0 corresponds to the SYSTEM session. Typically, only one user session is open on a workstation. In this case, 1 will correspond to your user session.
•WorkingSetSize: The size of memory in bytes occupied by the process.
Note about the datetime type:
The Date-Time value in the log is represented as a string in the format:
YYYYMMDDHHNNSS.ZZZZZZ±GGG
YYYY: 4-digit year
MM: 2-digit month
DD: 2-digit day
ZZZZZZ: 6 digits - microseconds
GGG: deviation of the time zone from GMT (Greenwich Mean Time) in minutes.
Fields
All 45 available fields are listed. Each field can be individually included.
Below the list, there are two buttons:
•Select all: Automatically selects all fields.
•Reset to default: Selects only the default fields.
Additional conditions
For example:
(Name like 'RoboTask%') or ((Name like 'RT%'))
Select processes where the Name field starts with RoboTask or RT.
Save to variable
Turn this switch on and specify the variable name to save the CSV text.
Save to file
Turn this switch on and specify the file name to save the CSV text. Also, specify the text encoding if needed.
Note that UTF-8 is a universal format for any language.
Specify the format of the CSV data: delimiter, quote character.
Note that if the "Strict delimiter" switch is not enabled, spaces are also considered delimiters. And all fields containing spaces must be enclosed in quotes.
Reset to standard format
Sets the standard parameters:
•Delimiter: Comma (,)
•Quotes: Double quotes (")
•Non-strict delimiter (spaces are also considered delimiters)
Reset to Excel format
Sets the parameters used by MS Excel by default:
•Delimiter: Semicolon (;)
•Quotes: Double quotes (")
•Strict delimiter.
Related Topics