TaskCategory=Application Crashing Events
OpCode=Info
RecordNumber=10753333
Keywords=Classic
Message=Faulting application name: splunk-winevtlog.exe, version: 1541.512.22661.47915, time stamp: 0x5885be60
Faulting module name: KERNELBASE.dll, version: 6.3.9600.19425, time stamp: 0x5d26b6e9
Exception code: 0xeeab5254
Fault offset: 0x000000000000908c
Faulting process id: 0x844c
Faulting application start time: 0x01d579ad6fa2ae81
Faulting application path: C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Me too... almost every one of my Universal Forwarder clients, and yet, it's running and sending in logs...
After this Crash Error also getting (error) log with EventCode=1001, Details given below
LogName=Application
SourceName=Windows Error Reporting
EventCode=1001
EventType=4
Type=Information
ComputerName=xxxxxxxxxxxxxxxxxxxxxxxxxx
TaskCategory=The operation completed successfully.
OpCode=Info
RecordNumber=10753261
Keywords=Classic
Message=Fault bucket , type 0
Event Name: APPCRASH
Response: Not available
Cab Id: 0
Problem signature:
P1: splunk-winevtlog.exe
P2: 1541.512.22661.47915
P3: 5885be60
P4: KERNELBASE.dll
P5: 6.3.9600.19425
P6: 5d26b6e9
P7: eeab5254
P8: 000000000000908c
P9:
P10:
Attached files:
These files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_splunk-winevtlog_7896c23e413c5d4ef2d6835430d3f6acbd6b3f_8cede047_b59a0a24
Analysis symbol:
Rechecking for solution: 0
Report Id: e543498a-e59d-11e9-8135-00505686288e
Report Status: 0
Hashed bucket:
Did you ever figure why this was occurring? Noticing the same thing.