none
Extended Events - nt_user vs nt_username RRS feed

  • Question

  • Fellow SQLers

    I am coming up to speed on Extended Events.  using SQL 2016. I am doing some logging captures - error_report, login, and logout.

    I ran across something odd about what is available in Filters and not available in Filters.

    in global fields, we have nt_username and username. I pick those to come across.  In the Filters, I see sqlserver.nt_user and sqlserver.username. 

    I do not see NT_username. Is sqlserver.nt_user the same as NT_userName?

    thx

    MG

    Wednesday, July 3, 2019 3:25 PM

Answers

  • Hi MG,

    In SQL 2016 there are 5 filter predicates you can use to filter logins.
    For NT login/user you can use all 5 but SQL login/user you can use number 3,4 and 5 only.
    1.sqlserver.nt_username---Collect NT username
    2.sqlserver.session_nt_username---Get the current session NT user
    3.sqlserver.server_principal_name---Get the name of the Server Principal in whose context the event is being fired.
    4.sqlserver.username---Get the current username
    5.sqlserver.session_server_principal_name---Get the name of the Server Principal that originated the session in which the event is being fired.

    You can get more information from this thread.

    Hope this could help you.

    Best regards,
    Cathy Ji

    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to  MSDN Support, feel free to contact MSDNFSF@microsoft.com

    Thursday, July 4, 2019 6:03 AM

All replies

  • Try running this and see what is going on 

    CREATE EVENT SESSION [test] ON SERVER 
        ADD EVENT sqlserver.sp_statement_completed(
         WHERE ((((([sqlserver].[username]=N'') 
           AND ([sqlserver].[server_principal_name]=N'')) 
           AND ([sqlserver].[session_nt_user]=N'')) 
           AND ([sqlserver].[session_server_principal_name]=N'')))


    Best Regards,Uri Dimant SQL Server MVP, http://sqlblog.com/blogs/uri_dimant/

    MS SQL optimization: MS SQL Development and Optimization
    MS SQL Consulting: Large scale of database and data cleansing
    Remote DBA Services: Improves MS SQL Database Performance
    SQL Server Integration Services: Business Intelligence


    Thursday, July 4, 2019 4:37 AM
  • Hi MG,

    In SQL 2016 there are 5 filter predicates you can use to filter logins.
    For NT login/user you can use all 5 but SQL login/user you can use number 3,4 and 5 only.
    1.sqlserver.nt_username---Collect NT username
    2.sqlserver.session_nt_username---Get the current session NT user
    3.sqlserver.server_principal_name---Get the name of the Server Principal in whose context the event is being fired.
    4.sqlserver.username---Get the current username
    5.sqlserver.session_server_principal_name---Get the name of the Server Principal that originated the session in which the event is being fired.

    You can get more information from this thread.

    Hope this could help you.

    Best regards,
    Cathy Ji

    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to  MSDN Support, feel free to contact MSDNFSF@microsoft.com

    Thursday, July 4, 2019 6:03 AM
  • Thx Cathy,

    This helps understand the reference. The thing that really threw me is the naming convention.

    From what I have observed, I have not seen the phrase "NT user". It has been username or nt username.

    mg

    Friday, July 5, 2019 4:40 PM
  • thx Uri,

    Cathy answered me.

    MG

    Friday, July 5, 2019 4:41 PM