When reviewing a DNS request in the Event Search, you're curious which process made the request. Which Event Action would be the quickest way to show you the process?
When reviewing a DNS request in the Event Search, you're curious which process made the request. Which Event Action would be the quickest way to show you the process?
event_simpleName=DnsRequest is a process that is spawned by a TargetProcessId that is 'event_simpleName=ProcessRollup2'. It doesn't have a ParentProcessId in the field hence B is wrong. C is correct because by clicking 'Show Responsible Process Data', it automatically pivots the event's ContextProcessId as the TargetProcessId to find its 'spawner'.
should be A