I have started upgrading our Windows forwarders, and have seen issues with the regmon process (splunk-regmon.exe)maxing out the CPU usage on the hosting server. The only workaround I have at the moment is to disable the input script at the system level. This is not ideal as we monitor the changes in the registry.
This has had the same effect on Windows 2003, 2008 R2, and 2012.
Is this a known issues (I have checked the release notes, but couldn't see anything)? Is there a work-around that can enable us to use this feature without maxing out the CPU?
If it is a bug, where do I find the submission form? - it's been a long time since I've looked at the form.
Firstly, what are you upgrading from and to? It might also be worth checking the input before and after incase any migration steps have accidentally modified it so its causing regmon to have a bit of a wobbler.
Also I guess you've checked but also worth looking for any error or warning logs,