I found many errors from _internal log
ERROR ExecProcessor - message from "D:\SplunkUniversalForwarder\bin\splunk-regmon.exe" splunk-regmon - WinRegistryMonitor::configure: Failed to get configuration settings: 'Regex: number too big in {} quantifier'
Any ideas how to resolve this error?
Do you have any REGEX in your inputs.conf ? That's where I would look first.
there are no any REGEX
this is my inputs.conf on uf
And that's the only inputs.conf located on your UF? Splunk-regmon is trying to be ran from some configuration. Were you actively monitoring the registry before this error started to pop up?
Take a look at this article: https://docs.splunk.com/Documentation/SplunkCloud/latest/Data/MonitorWindowsregistrydata
The inputs.conf file contains the specific regular expressions you create to refine and filter the Registry hive paths you want the Splunk platform to monitor.
It could be that the app is looking at the wrong inputs.conf and getting confused.
Try running this command to look through all of your inputs.confs
D:\SplunkUniversalForwarder\bin\splunk.exe btool inputs list > ..\btool.txt
It will create a txt file for you to go through.