Archive

EventCode="1000" Getting Application crashing events for App: splunk-winevtlog.exe for module: KERNELBASE.dll at Universal Forwarder with Exception code: 0xeeab5254

Explorer

TaskCategory=Application Crashing Events
OpCode=Info
RecordNumber=10753333
Keywords=Classic
Message=Faulting application name: splunk-winevtlog.exe, version: 1541.512.22661.47915, time stamp: 0x5885be60
Faulting module name: KERNELBASE.dll, version: 6.3.9600.19425, time stamp: 0x5d26b6e9
Exception code: 0xeeab5254
Fault offset: 0x000000000000908c
Faulting process id: 0x844c
Faulting application start time: 0x01d579ad6fa2ae81
Faulting application path: C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll

Explorer

After this Crash Error also getting (error) log with EventCode=1001, Details given below

LogName=Application
SourceName=Windows Error Reporting
EventCode=1001
EventType=4
Type=Information
ComputerName=xxxxxxxxxxxxxxxxxxxxxxxxxx
TaskCategory=The operation completed successfully.
OpCode=Info
RecordNumber=10753261
Keywords=Classic
Message=Fault bucket , type 0
Event Name: APPCRASH
Response: Not available
Cab Id: 0

Problem signature:
P1: splunk-winevtlog.exe
P2: 1541.512.22661.47915
P3: 5885be60
P4: KERNELBASE.dll
P5: 6.3.9600.19425
P6: 5d26b6e9
P7: eeab5254
P8: 000000000000908c
P9:
P10:

Attached files:

These files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_splunk-winevtlog_7896c23e413c5d4ef2d6835430d3f6acbd6b3f_8cede047_b59a0a24

Analysis symbol:
Rechecking for solution: 0
Report Id: e543498a-e59d-11e9-8135-00505686288e
Report Status: 0
Hashed bucket:

0 Karma

Engager

Did you ever figure why this was occurring? Noticing the same thing.

0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!