Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

ٍError "Splunk could not get the description for this event " in the message field

fahimeh
Explorer
‎09-18-2024 12:54 AM

Hello,
Some of the logs coming from the Windows Universal Forwarder to Splunk show the following error in the message field for certain events:
"Splunk could not get the description for this event."

I have reviewed
[https://community.splunk.com/t5/Getting-Data-In/Why-quot-FormatMessage-error-quot-appears-in-indexed...
, but it doesn't solve the issue, as this problem only occurs for a few specific events at specific times. I am using Splunk version 9.2.

What could be the issue?

Labels (2)
Labels
0 Karma
Reply

hrawat
Splunk Employee
Splunk Employee
‎02-04-2025 06:53 AM

Try 

https://community.splunk.com/t5/Knowledge-Management/Solutions-quot-Splunk-could-not-get-the-descrip...

0 Karma
Reply

fahimeh
Explorer
‎09-22-2024 09:59 PM

hi @gcusello 

No, I use the classic format

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎09-18-2024 01:24 AM

Hi @fahimeh ,

are you using xml or classif format?

if xml, try using the classic format adding renderXML=0 to the inputs.conf.

Ciao.

Giuseppe

0 Karma
Reply

fahimeh
Explorer
‎09-22-2024 10:44 PM

hi @gcusello 

No, I use the classic format

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎09-22-2024 11:20 PM

Hi @fahimeh ,

this is a Splunk maintenad add-on, so you can open a case to Splunk Support.

Without accessing your system it's hard to identify the issue.

Ciao.

Giuseppe

0 Karma
Reply

fahimeh
Explorer
‎09-23-2024 02:29 AM

pastedImage.jpg

 

The error message is generated only for these specific event codes

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎09-23-2024 05:37 AM

Hi @fahimeh ,

are you sure that it's a Splunk issue and not a Windows issue?

Anyway, open a case to Splunk Support.

Ciao.

Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

OpenTelemetry for Legacy Apps? Yes, You Can!

This article is a follow-up to my previous article posted on the OpenTelemetry Blog, "Your Critical Legacy App ...

UCC Framework: Discover Developer Toolkit for Building Technology Add-ons

The Next-Gen Toolkit for Splunk Technology Add-on Development The Universal Configuration Console (UCC) ...

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...