Getting Data In

Why is splunk-winevtlog.exe crash, low thruput, high cpu and other incorrect eventcode filtering not working?

hrawat_splunk
Splunk Employee
Splunk Employee

splunk-winevtlog.exe crash, low thruput, high cpu  utilization and eventcode filtering not working as expected with 8.1.x/8.2.x/9.0

Labels (3)
0 Karma
1 Solution

hrawat_splunk
Splunk Employee
Splunk Employee

If you have  filtering enabled that will filter more than one event e.g as follows, there is a known issue found with all 8.1.x/8.2.x and 9.0. Next 9.0.1 will have the fix. 8.0.x is not impacted.

 

 

whitelist1 = EventCode="299|342|394|500|501|528|624|627|628|629|630|644|672|4608|4610|4611|4614|4616|4622|4624|4625|4634|4647|4648|4662|4670|4720|4723|4724|4725|4726|4728|4729|4731|4732|4734|4735|4738|4740|4741|4742|4743|4756|4757|4767|4768|4769|4771|4776|4778|4779|4781|4800|4801|4904|4905|4907|4946|4947|4948|5136|5137|5140|5141"

 

 

 

View solution in original post

0 Karma

hrawat_splunk
Splunk Employee
Splunk Employee

If you have  filtering enabled that will filter more than one event e.g as follows, there is a known issue found with all 8.1.x/8.2.x and 9.0. Next 9.0.1 will have the fix. 8.0.x is not impacted.

 

 

whitelist1 = EventCode="299|342|394|500|501|528|624|627|628|629|630|644|672|4608|4610|4611|4614|4616|4622|4624|4625|4634|4647|4648|4662|4670|4720|4723|4724|4725|4726|4728|4729|4731|4732|4734|4735|4738|4740|4741|4742|4743|4756|4757|4767|4768|4769|4771|4776|4778|4779|4781|4800|4801|4904|4905|4907|4946|4947|4948|5136|5137|5140|5141"

 

 

 

0 Karma
Get Updates on the Splunk Community!

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...