The Splunk Add-on for Windows has changed the way it reads the WindowsUpdateLog from tailing a log file to using a PowerShell script. The changes are explained here. However, the output from the Get-WindowsUpdateLog command has no value, and doesn't seem to be outputting the correct logs. The logs I'm getting look something like the following.
1600/12/31 19:00:00.0000000 768 3764 Unknown( 10): GUID=638e22b1-a858-3f40-8a43-af2c2ff651a4 (No Format Information found).
1600/12/31 19:00:00.0000000 768 3764 Unknown( 11): GUID=bce7cceb-de62-3b09-7f4f-c69b1344a134 (No Format Information found).
1600/12/31 19:00:00.0000000 768 3764 Unknown( 11): GUID=638e22b1-a858-3f40-8a43-af2c2ff651a4 (No Format Information found).
1600/12/31 19:00:00.0000000 768 3764 Unknown( 50): GUID=6ffec797-f4d0-3bda-288a-dbf55dc91e0b (No Format Information found).
I also found a thread on another forum where someone seems to be having the same problem, but found no fix.
Has anyone encountered the same problem? Is there any workaround?
Hi @tauliang, @hettervik
Was this fixed by any chance?
Having the same kind of issue of no format information found on the 2016 servers.
Can someone help on this topic, please?
Thanks!
What seemed to be the issue? I ran the PowerShell command on a Windows 10 box and got this:
2020/05/03 13:59:26.9012287 3660 3744 DownloadManager Queueing update 5A85CA90-4A7B-4CF2-A1EE-0F457C832095.1 for download handler request generation.
2020/05/03 13:59:26.9015056 3660 3744 DownloadManager Handler can skip block validation for update 5A85CA90-4A7B-4CF2-A1EE-0F457C832095.1
2020/05/03 13:59:26.9039594 3660 11408 DownloadManager Disabling chunked mode for download. updateid: 5A85CA90-4A7B-4CF2-A1EE-0F457C832095.1
2020/05/03 13:59:26.9039675 3660 11408 DownloadManager Generating download request for update 5A85CA90-4A7B-4CF2-A1EE-0F457C832095.1.
2020/05/03 13:59:26.9051260 3660 11408 DownloadManager Calling into handler 0x9 to generate download request for update 5A85CA90-4A7B-4CF2-A1EE-0F457C832095.1.
2020/05/03 13:59:26.9083917 3660 11408 DownloadManager Found existing StreamingDataSource for update {5A85CA90-4A7B-4CF2-A1EE-0F457C832095} [d:EE659EBE]
2020/05/03 13:59:26.9085315 3660 11408 Handler AppX GDR: Existing deployment operation for 5A85CA90-4A7B-4CF2-A1EE-0F457C832095
2020/05/03 13:59:26.9085362 3660 11408 Handler AppX GDR: Waiting 0 ms for download execute or completion event.
2020/05/03 13:59:26.9085413 3660 11408 Handler AppX GDR: WAIT_TIMEOUT seen. Wait timed out.
2020/05/03 13:59:26.9085614 3660 11408 DownloadManager GenerateDownloadRequest returned WU_E_OPERATIONINPROGRESS for update 5A85CA90-4A7B-4CF2-A1EE-0F457C832095.1.
2020/05/03 13:59:26.9589331 3660 31768 DownloadManager Dynamic download data fetcher for ServiceId 7971F918-A847-4430-9279-4A52D1EFE18D does not exist.
2020/05/03 13:59:30.4371243 3660 31768 DownloadManager Dynamic download data fetcher for ServiceId 7971F918-A847-4430-9279-4A52D1EFE18D does not exist.
2020/05/03 13:59:30.7685639 3660 3744 DownloadManager Handler returned total download size for update 5A85CA90-4A7B-4CF2-A1EE-0F457C832095.1 (session data (null)) as 47893581
How did the symbols get corrupted? This sounds like a Windows admin question to me.
I have the same problem with Windows Server 2016.
I don't find any fix...
Thanks. I've looked into it some more myself. The script Splunk is using seems to be working as intended; it's the output from the Get-WindowsUpdateLog command in PowerShell that doesn't give any valuable output. I can't figure out why, though. The symbols are not corrupted (see original post), it's just that there seems to be an issue with compatibility or something.
Hi @hettervi,
Out of interest, what user is Splunk running as in this case?
Cheers,
- Jo.
Bit late here, but it runs as the default Local System user.