All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

EventCode="1000" Getting Application crashing events for App: splunk-winevtlog.exe for module: KERNELBASE.dll at Universal Forwarder with Exception code: 0xeeab5254

suneel_k
Explorer
‎10-07-2019 08:21 AM

TaskCategory=Application Crashing Events
OpCode=Info
RecordNumber=10753333
Keywords=Classic
Message=Faulting application name: splunk-winevtlog.exe, version: 1541.512.22661.47915, time stamp: 0x5885be60
Faulting module name: KERNELBASE.dll, version: 6.3.9600.19425, time stamp: 0x5d26b6e9
Exception code: 0xeeab5254
Fault offset: 0x000000000000908c
Faulting process id: 0x844c
Faulting application start time: 0x01d579ad6fa2ae81
Faulting application path: C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll

Reply

mykol_j
Communicator
‎12-08-2020 11:37 AM

Me too... almost every one of my Universal Forwarder clients, and yet, it's running and sending in logs...

0 Karma
Reply

suneel_k
Explorer
‎10-07-2019 09:13 AM

After this Crash Error also getting (error) log with EventCode=1001, Details given below

LogName=Application
SourceName=Windows Error Reporting
EventCode=1001
EventType=4
Type=Information
ComputerName=xxxxxxxxxxxxxxxxxxxxxxxxxx
TaskCategory=The operation completed successfully.
OpCode=Info
RecordNumber=10753261
Keywords=Classic
Message=Fault bucket , type 0
Event Name: APPCRASH
Response: Not available
Cab Id: 0

Problem signature:
P1: splunk-winevtlog.exe
P2: 1541.512.22661.47915
P3: 5885be60
P4: KERNELBASE.dll
P5: 6.3.9600.19425
P6: 5d26b6e9
P7: eeab5254
P8: 000000000000908c
P9:
P10:

Attached files:

These files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_splunk-winevtlog_7896c23e413c5d4ef2d6835430d3f6acbd6b3f_8cede047_b59a0a24

Analysis symbol:
Rechecking for solution: 0
Report Id: e543498a-e59d-11e9-8135-00505686288e
Report Status: 0
Hashed bucket:

0 Karma
Reply

dyolmc
Explorer
‎05-05-2020 05:52 AM

Did you ever figure why this was occurring? Noticing the same thing.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Community Content Calendar, September edition

Welcome to another insightful post from our Community Content Calendar! We're thrilled to continue bringing ...

Splunkbase Unveils New App Listing Management Public Preview

Splunkbase Unveils New App Listing Management Public PreviewWe're thrilled to announce the public preview of ...

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you leveraging automation to its fullest potential in your threat detection strategy?Our upcoming Security ...