Monitoring Splunk
Highlighted

Splunk Crashing with ExceptionCode: c0000005 (Access violation)

New Member

I'm seeing Splunk Enterprise Version 8.0.2 Build a7f645ddaf91 running Windows Server 2019, build 17763.1217.
Individual search heads in a cluster crash with no log messages in Splunk or event logs aside from a .dmp file:

ntdll!RtlpWaitOnCriticalSection+0x87:
00007ff8`3c99df33 ff4124          inc     dword ptr [rcx+24h] ds:00000000`00000024=????????
Resetting default scope

EXCEPTION_RECORD:  (.exr -1)
ExceptionAddress: 00007ff83c99df33 (ntdll!RtlpWaitOnCriticalSection+0x0000000000000087)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000001
   Parameter[1]: 0000000000000024
Attempt to write to address 0000000000000024

PROCESS_NAME:  splunkd.exe

WRITE_ADDRESS:  0000000000000024 

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.

EXCEPTION_CODE_STR:  c0000005

EXCEPTION_PARAMETER1:  0000000000000001

EXCEPTION_PARAMETER2:  0000000000000024

Has anyone seen this issue before?

Labels (2)
0 Karma
Highlighted

Re: Splunk Crashing with ExceptionCode: c0000005 (Access violation)

SplunkTrust
SplunkTrust

You should open a support case. They probably will tell you to install version 8.0.4, however.

---
If this reply helps you, an upvote would be appreciated.
0 Karma