By crash do you mean a BSOD or something else? I've never seen anything like this and we run thousands of UFs on Windows so I wonder if the event log entry is illustrating a symptom rather than the cause of the crash. I would recommend engaging Splunk Support about this. If you don't know the exact timestamp of the crash, it may be interesting to see what events Splunk indexed just before the crash. This search may help:
yoursearch | rename _indextime AS indextime | convert ctime(indextime)
This will create a field called indextime that will give you the time that Splunk indexed the event rather than the time of the event itself. Good luck!
Hi, no this was a crash of the UF implicating KERNELBASE.dll - the stack overflow caused other issues on the server, clearly there was a memory leak of some sort that affected everything else on the server.