Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Windows regmon process maxing CPU usage

MHibbin
Influencer
‎09-27-2013 02:38 AM

Hi guys,

I have started upgrading our Windows forwarders, and have seen issues with the regmon process (splunk-regmon.exe)maxing out the CPU usage on the hosting server. The only workaround I have at the moment is to disable the input script at the system level. This is not ideal as we monitor the changes in the registry.

This has had the same effect on Windows 2003, 2008 R2, and 2012.

Is this a known issues (I have checked the release notes, but couldn't see anything)? Is there a work-around that can enable us to use this feature without maxing out the CPU?

If it is a bug, where do I find the submission form? - it's been a long time since I've looked at the form.

Thanks,

MHibbin

0 Karma
Reply

Drainy
Champion
‎09-29-2013 11:10 AM

Bonjour!

Firstly, what are you upgrading from and to? It might also be worth checking the input before and after incase any migration steps have accidentally modified it so its causing regmon to have a bit of a wobbler.
Also I guess you've checked but also worth looking for any error or warning logs,

To submit a case (which I suspect you're going to need to) is at https://splunk--c.na2.visual.force.com/apex/CP_CaseSubmissionPage?caseID=NewCase (which you could find by going to the main Splunk site and hitting up Support 🙂 )

Another step to try would be on a search head to go to Manager -> System Settings and then to the System logging. If you put reg into the search box you will see a couple of related logging outputs. Might be worth editing the log.cfg on the forwarder to try and get more detail out of them;
http://docs.splunk.com/Documentation/Splunk/5.0.4/AdvancedDev/ModInputsLog

Reply

MHibbin
Influencer
‎09-30-2013 06:14 AM

Upgrading from 4.3.4 to 5.0.4, couldn't see anything in the logs other than the inputs starting up.

I'll try the logging.

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...