How to get a reasonable input for WindowsUpdateLog on Windows 10 and Server 2016?

hettervik
Builder

The Splunk Add-on for Windows has changed the way it reads the WindowsUpdateLog from tailing a log file to using a PowerShell script. The changes are explained here. However, the output from the Get-WindowsUpdateLog command has no value, and doesn't seem to be outputting the correct logs. The logs I'm getting look something like the following.

1600/12/31 19:00:00.0000000 768   3764                  Unknown( 10): GUID=638e22b1-a858-3f40-8a43-af2c2ff651a4 (No Format Information found).
1600/12/31 19:00:00.0000000 768   3764                  Unknown( 11): GUID=bce7cceb-de62-3b09-7f4f-c69b1344a134 (No Format Information found).
1600/12/31 19:00:00.0000000 768   3764                  Unknown( 11): GUID=638e22b1-a858-3f40-8a43-af2c2ff651a4 (No Format Information found).
1600/12/31 19:00:00.0000000 768   3764                  Unknown( 50): GUID=6ffec797-f4d0-3bda-288a-dbf55dc91e0b (No Format Information found).

I also found a thread on another forum where someone seems to be having the same problem, but found no fix.

Has anyone encountered the same problem? Is there any workaround?

0 Karma

ManjunathN
Engager

Hi @tauliang, @hettervik

Was this fixed by any chance?

I'm having the same kind of "No Format Information found" issue on the 2016 servers.

Can someone help on this topic, please?

Thanks!

0 Karma

tauliang
Communicator

What seemed to be the issue? I ran the PowerShell command on a Windows 10 box and got this:

2020/05/03 13:59:26.9012287 3660  3744  DownloadManager Queueing update 5A85CA90-4A7B-4CF2-A1EE-0F457C832095.1 for download handler request generation.
2020/05/03 13:59:26.9015056 3660  3744  DownloadManager Handler can skip block validation for update 5A85CA90-4A7B-4CF2-A1EE-0F457C832095.1
2020/05/03 13:59:26.9039594 3660  11408 DownloadManager Disabling chunked mode for download. updateid: 5A85CA90-4A7B-4CF2-A1EE-0F457C832095.1
2020/05/03 13:59:26.9039675 3660  11408 DownloadManager Generating download request for update 5A85CA90-4A7B-4CF2-A1EE-0F457C832095.1.
2020/05/03 13:59:26.9051260 3660  11408 DownloadManager Calling into handler 0x9 to generate download request for update 5A85CA90-4A7B-4CF2-A1EE-0F457C832095.1.
2020/05/03 13:59:26.9083917 3660  11408 DownloadManager Found existing StreamingDataSource for update {5A85CA90-4A7B-4CF2-A1EE-0F457C832095} [d:EE659EBE]
2020/05/03 13:59:26.9085315 3660  11408 Handler         AppX GDR: Existing deployment operation for 5A85CA90-4A7B-4CF2-A1EE-0F457C832095
2020/05/03 13:59:26.9085362 3660  11408 Handler         AppX GDR: Waiting 0 ms for download execute or completion event.
2020/05/03 13:59:26.9085413 3660  11408 Handler         AppX GDR: WAIT_TIMEOUT seen. Wait timed out.
2020/05/03 13:59:26.9085614 3660  11408 DownloadManager GenerateDownloadRequest returned WU_E_OPERATIONINPROGRESS for update 5A85CA90-4A7B-4CF2-A1EE-0F457C832095.1.
2020/05/03 13:59:26.9589331 3660  31768 DownloadManager Dynamic download data fetcher for ServiceId 7971F918-A847-4430-9279-4A52D1EFE18D does not exist.
2020/05/03 13:59:30.4371243 3660  31768 DownloadManager Dynamic download data fetcher for ServiceId 7971F918-A847-4430-9279-4A52D1EFE18D does not exist.
2020/05/03 13:59:30.7685639 3660  3744  DownloadManager Handler returned total download size for update 5A85CA90-4A7B-4CF2-A1EE-0F457C832095.1 (session data (null)) as 47893581

How did the symbols get corrupted? This sounds like a Windows admin question to me.

0 Karma

qescanciano
Engager

I have the same problem with Windows Server 2016.

I don't find any fix...

0 Karma

hettervik
Builder

Thanks. I've looked into it some more myself. The script Splunk is using seems to be working as intended; it's the output from the Get-WindowsUpdateLog command in PowerShell that doesn't give any valuable output. I can't figure out why, though. The symbols are not corrupted (see original post); it's just that there seems to be an issue with compatibility or something.

0 Karma

jhornsby_splunk
Splunk Employee

Hi @hettervi,

Out of interest, what user is Splunk running as in this case?

Cheers,

- Jo.

0 Karma

hettervik
Builder

Bit late here, but it runs as the default Local System user.

0 Karma
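
Added example, not part of any post in this thread and not code from the Splunk add-on: a Python check that parses the two line layouts quoted above and reports how much of a Get-WindowsUpdateLog output came back undecoded, so the result can be alerted on instead of indexed blindly. The function names and the 5% threshold are assumptions; the sample lines are copied from the posts above.

```python
import re
from collections import Counter

# Layout shared by both samples in this thread: date time PID TID text
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{7})\s+"
    r"(?P<pid>\d+)\s+(?P<tid>\d+)\s+(?P<rest>.*)$")
# Text of an event that was written out without format information
UNDECODED_RE = re.compile(
    r"^Unknown\(\s*\d+\):\s+GUID=(?P<guid>[0-9a-fA-F-]{36})\s+"
    r"\(No Format Information found\)")

def classify(line):
    """Return (kind, detail): decoded/component, undecoded/GUID, unparsed/None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return ("unparsed", None)
    u = UNDECODED_RE.match(m.group("rest"))
    if u:
        return ("undecoded", u.group("guid").lower())
    # First token after the TID is the component column in the decoded sample
    return ("decoded", m.group("rest").split(None, 1)[0])

def summarize(lines, max_undecoded_ratio=0.05):  # threshold is an assumption
    """Count line kinds and decide whether the output is worth indexing."""
    counts, guids = Counter(), Counter()
    for line in lines:
        if not line.strip():
            continue
        kind, detail = classify(line)
        counts[kind] += 1
        if kind == "undecoded":
            guids[detail] += 1
    total = sum(counts.values())
    ratio = counts["undecoded"] / total if total else 0.0
    return {"total": total, "decoded": counts["decoded"],
            "undecoded": counts["undecoded"], "unparsed": counts["unparsed"],
            "undecoded_ratio": ratio, "top_guids": guids.most_common(3),
            "usable": total > 0 and ratio <= max_undecoded_ratio}

# Sample input: three undecoded and two decoded lines copied from the thread
SAMPLE = """\
1600/12/31 19:00:00.0000000 768   3764          Unknown( 10): GUID=638e22b1-a858-3f40-8a43-af2c2ff651a4 (No Format Information found).
1600/12/31 19:00:00.0000000 768   3764          Unknown( 11): GUID=bce7cceb-de62-3b09-7f4f-c69b1344a134 (No Format Information found).
1600/12/31 19:00:00.0000000 768   3764          Unknown( 11): GUID=638e22b1-a858-3f40-8a43-af2c2ff651a4 (No Format Information found).
2020/05/03 13:59:26.9012287 3660  3744  DownloadManager Queueing update 5A85CA90-4A7B-4CF2-A1EE-0F457C832095.1 for download handler request generation.
2020/05/03 13:59:26.9085362 3660  11408 Handler         AppX GDR: Waiting 0 ms for download execute or completion event.
"""
```

Calling `summarize(SAMPLE.splitlines())` returns the per-kind counts, the most frequent unresolved GUIDs and a `usable` flag that is false whenever the undecoded share exceeds the threshold.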