All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

EventCode="1000" Getting Application crashing events for App: splunk-winevtlog.exe for module: KERNELBASE.dll at Universal Forwarder with Exception code: 0xeeab5254

suneel_k
Explorer
‎10-07-2019 08:21 AM

TaskCategory=Application Crashing Events
OpCode=Info
RecordNumber=10753333
Keywords=Classic
Message=Faulting application name: splunk-winevtlog.exe, version: 1541.512.22661.47915, time stamp: 0x5885be60
Faulting module name: KERNELBASE.dll, version: 6.3.9600.19425, time stamp: 0x5d26b6e9
Exception code: 0xeeab5254
Fault offset: 0x000000000000908c
Faulting process id: 0x844c
Faulting application start time: 0x01d579ad6fa2ae81
Faulting application path: C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll

Reply

mykol_j
Path Finder
‎12-08-2020 11:37 AM

Me too... almost every one of my Universal Forwarder clients, and yet, it's running and sending in logs...

0 Karma
Reply

suneel_k
Explorer
‎10-07-2019 09:13 AM

After this Crash Error also getting (error) log with EventCode=1001, Details given below

LogName=Application
SourceName=Windows Error Reporting
EventCode=1001
EventType=4
Type=Information
ComputerName=xxxxxxxxxxxxxxxxxxxxxxxxxx
TaskCategory=The operation completed successfully.
OpCode=Info
RecordNumber=10753261
Keywords=Classic
Message=Fault bucket , type 0
Event Name: APPCRASH
Response: Not available
Cab Id: 0

Problem signature:
P1: splunk-winevtlog.exe
P2: 1541.512.22661.47915
P3: 5885be60
P4: KERNELBASE.dll
P5: 6.3.9600.19425
P6: 5d26b6e9
P7: eeab5254
P8: 000000000000908c
P9:
P10:

Attached files:

These files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_splunk-winevtlog_7896c23e413c5d4ef2d6835430d3f6acbd6b3f_8cede047_b59a0a24

Analysis symbol:
Rechecking for solution: 0
Report Id: e543498a-e59d-11e9-8135-00505686288e
Report Status: 0
Hashed bucket:

0 Karma
Reply

dyolmc
Engager
‎05-05-2020 05:52 AM

Did you ever figure why this was occurring? Noticing the same thing.

0 Karma
Reply
Get Updates on the Splunk Community!

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...