Windows regmon process maxing CPU usage


Hi guys,

I have started upgrading our Windows forwarders, and have seen issues with the regmon process (splunk-regmon.exe) maxing out the CPU usage on the hosting server. The only workaround I have at the moment is to disable the input script at the system level. This is not ideal as we monitor the changes in the registry.

This has had the same effect on Windows 2003, 2008 R2, and 2012.

Is this a known issue (I have checked the release notes, but couldn't see anything)? Is there a work-around that can enable us to use this feature without maxing out the CPU?

If it is a bug, where do I find the submission form? - it's been a long time since I've looked at the form.



0 Karma



Firstly, what are you upgrading from and to? It might also be worth checking the input before and after in case any migration steps have accidentally modified it so it's causing regmon to have a bit of a wobbler.
Also, I guess you've checked, but it's also worth looking for any error or warning logs.

To submit a case (which I suspect you're going to need to) is at (which you could find by going to the main Splunk site and hitting up Support 🙂 )

Another step to try would be on a search head to go to Manager -> System Settings and then to the System logging. If you put reg into the search box you will see a couple of related logging outputs. Might be worth editing the log.cfg on the forwarder to try and get more detail out of them;


Upgrading from 4.3.4 to 5.0.4, couldn't see anything in the logs other than the inputs starting up.

I'll try the logging.

0 Karma