
How to get a reasonable input for WindowsUpdateLog on Windows 10 and Server 2016?

hettervik
Builder

The Splunk Add-on for Windows has changed the way it reads the WindowsUpdateLog from tailing a log file to using a PowerShell script. The changes are explained here. However, the output from the Get-WindowsUpdateLog command has no value, and doesn't seem to be outputting the correct logs. The logs I'm getting look something like the following.

1600/12/31 19:00:00.0000000 768   3764                  Unknown( 10): GUID=638e22b1-a858-3f40-8a43-af2c2ff651a4 (No Format Information found).
1600/12/31 19:00:00.0000000 768   3764                  Unknown( 11): GUID=bce7cceb-de62-3b09-7f4f-c69b1344a134 (No Format Information found).
1600/12/31 19:00:00.0000000 768   3764                  Unknown( 11): GUID=638e22b1-a858-3f40-8a43-af2c2ff651a4 (No Format Information found).
1600/12/31 19:00:00.0000000 768   3764                  Unknown( 50): GUID=6ffec797-f4d0-3bda-288a-dbf55dc91e0b (No Format Information found).

I also found a thread on another forum where someone seems to be having the same problem, but found no fix.

Has anyone encountered the same problem? Is there any workaround?

0 Karma
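A quick way to check whether the decoded log is usable, as an added example (this is not code from the original post or from the Splunk add-on's script): run Get-WindowsUpdateLog yourself with its documented -LogPath parameter, then count how many lines carry a real component name and message versus how many are the "Unknown( N): GUID=... (No Format Information found)" placeholder lines shown above. The output path under $env:TEMP is an assumption; the cmdlet writes to the desktop by default.

```powershell
# Added example: decode the Windows Update ETL traces with Get-WindowsUpdateLog
# and report how much of the result is actually decoded. Run from an elevated
# PowerShell session on Windows 10 / Server 2016.

# Assumed output location (the cmdlet defaults to WindowsUpdate.log on the desktop).
$LogPath = Join-Path $env:TEMP 'WindowsUpdate.decoded.log'

# -LogPath is a documented parameter: the cmdlet merges the *.etl files under
# %WINDIR%\Logs\WindowsUpdate and writes the decoded text to this file.
Get-WindowsUpdateLog -LogPath $LogPath

if (-not (Test-Path -Path $LogPath)) {
    throw "Get-WindowsUpdateLog produced no file at $LogPath"
}

$lines = @(Get-Content -Path $LogPath)

# A decoded line looks like:
#   2020/05/03 13:59:26.9012287 3660  3744  DownloadManager Queueing update ...
# An undecoded line looks like:
#   1600/12/31 19:00:00.0000000 768   3764  Unknown( 10): GUID=... (No Format Information found).
$undecoded = @($lines | Where-Object { $_ -match 'No Format Information found' })
$year1600  = @($lines | Where-Object { $_ -match '^1600/12/31' })
$decoded   = @($lines | Where-Object {
    ($_ -match '^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+\d+\s+\S') -and
    ($_ -notmatch 'No Format Information found')
})

[pscustomobject]@{
    File           = $LogPath
    TotalLines     = $lines.Count
    DecodedLines   = $decoded.Count
    UndecodedLines = $undecoded.Count
    Year1600Lines  = $year1600.Count
    # Treat the output as usable only if real component lines outnumber placeholders.
    Usable         = ($decoded.Count -gt 0) -and ($undecoded.Count -lt $decoded.Count)
} | Format-List
```

If UndecodedLines dominates and nearly every timestamp is 1600/12/31, the add-on's script is faithfully forwarding what the cmdlet produced, and the problem is in the decoding step on that host rather than in Splunk's collection.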

ManjunathN
Engager

Hi @tauliang, @hettervik

Was this fixed by any chance?

Having the same kind of issue with "no format information found" on the 2016 servers.

Can someone help on this topic please.

Thanks!

0 Karma

tauliang
Communicator

What seemed to be the issue? I ran the powershell command on a Windows 10 box and got this

2020/05/03 13:59:26.9012287 3660  3744  DownloadManager Queueing update 5A85CA90-4A7B-4CF2-A1EE-0F457C832095.1 for download handler request generation.
2020/05/03 13:59:26.9015056 3660  3744  DownloadManager Handler can skip block validation for update 5A85CA90-4A7B-4CF2-A1EE-0F457C832095.1
2020/05/03 13:59:26.9039594 3660  11408 DownloadManager Disabling chunked mode for download. updateid: 5A85CA90-4A7B-4CF2-A1EE-0F457C832095.1
2020/05/03 13:59:26.9039675 3660  11408 DownloadManager Generating download request for update 5A85CA90-4A7B-4CF2-A1EE-0F457C832095.1.
2020/05/03 13:59:26.9051260 3660  11408 DownloadManager Calling into handler 0x9 to generate download request for update 5A85CA90-4A7B-4CF2-A1EE-0F457C832095.1.
2020/05/03 13:59:26.9083917 3660  11408 DownloadManager Found existing StreamingDataSource for update {5A85CA90-4A7B-4CF2-A1EE-0F457C832095} [d:EE659EBE]
2020/05/03 13:59:26.9085315 3660  11408 Handler         AppX GDR: Existing deployment operation for 5A85CA90-4A7B-4CF2-A1EE-0F457C832095
2020/05/03 13:59:26.9085362 3660  11408 Handler         AppX GDR: Waiting 0 ms for download execute or completion event.
2020/05/03 13:59:26.9085413 3660  11408 Handler         AppX GDR: WAIT_TIMEOUT seen. Wait timed out.
2020/05/03 13:59:26.9085614 3660  11408 DownloadManager GenerateDownloadRequest returned WU_E_OPERATIONINPROGRESS for update 5A85CA90-4A7B-4CF2-A1EE-0F457C832095.1.
2020/05/03 13:59:26.9589331 3660  31768 DownloadManager Dynamic download data fetcher for ServiceId 7971F918-A847-4430-9279-4A52D1EFE18D does not exist.
2020/05/03 13:59:30.4371243 3660  31768 DownloadManager Dynamic download data fetcher for ServiceId 7971F918-A847-4430-9279-4A52D1EFE18D does not exist.
2020/05/03 13:59:30.7685639 3660  3744  DownloadManager Handler returned total download size for update 5A85CA90-4A7B-4CF2-A1EE-0F457C832095.1 (session data (null)) as 47893581

How did the symbols get corrupted? This sounds like a Windows admin question to me.

0 Karma

qescanciano
Engager

I have the same problem with Windows Server 2016.

I don't find any fix...

0 Karma

hettervik
Builder

Thanks. I've looked into it some more myself. The script Splunk is using seems to be working as intended; it's the output from the Get-WindowsUpdateLog command in PowerShell that doesn't give any valuable output. I can't figure out why though. The symbols are not corrupted (see original post), it's just that there seems to be an issue with compatibility or something.

0 Karma

jhornsby_splunk
Splunk Employee

Hi @hettervik,

Out of interest, what user is Splunk running as in this case?

Cheers,

- Jo.

0 Karma

hettervik
Builder

Bit late here, but it runs as the default Local System user.

0 Karma