All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk Add-on for Microsoft Windows 4.8.4 splunk-netmon.exe memory leak on host?

bec
Explorer
‎12-28-2018 12:47 PM

I'm running the Splunk_TA_windows app to collect host information from Windows Server 2012 R2 servers. If I start/restart the splunk forwarder service everything is fine however after a day or two the splunk-netmon.exe process seems to show signs of a memory leak. Over the course of a week or so the process will consume 80-90% of the host's memory. Has anyone else ran into this? I have this on multiple hosts running a mixed bag of different applications.

splunk forwarder version 6.6.6
splunk add on for microsoft windows version 4.8.4

inputs.conf for splunk_ta_windows:

###### Network monitoring ######
[WinNetMon://inbound]
direction = inbound
disabled = 0
index = windows
packetType = accept;connect

[WinNetMon://outbound]
direction = outbound
disabled = 0
index = windows
packetType = accept;connect```
0 Karma
Reply

dstaulcu
Builder
‎12-28-2018 07:24 PM

I was never a fan of filtering options (on the uf) for this input type. recommend using sysinternals sysmon instead.

Here's your future search:

source="*WinEventLog:Microsoft-Windows-Sysmon/Operational" "<EventID>3</EventID>" OR EventCode="3"
 | table _time host source EventID RuleName, UtcTime, ProcessGuid, ProcessId, Image, User, Protocol, Initiated, SourceIsIpv6, SourceIp, SourceHostname, SourcePort, SourcePortName, DestinationIsIpv6, DestinationIp, DestinationHostname, DestinationPort, DestinationPortName 
 | sort 0 - _time
0 Karma
Reply
Get Updates on the Splunk Community!

Cultivate Your Career Growth with Fresh Splunk Training

Growth doesn’t just happen—it’s nurtured. Like tending a garden, developing your Splunk skills takes the right ...

Introducing a Smarter Way to Discover Apps on Splunkbase

We’re excited to announce the launch of a foundational enhancement to Splunkbase: App Tiering.  Because we’ve ...

How to Send Splunk Observability Alerts to Webex teams in Minutes

As a Developer Evangelist at Splunk, my team and I are constantly tinkering with technology to explore its ...