I'm seeing Splunk Enterprise Version 8.0.2 Build a7f645ddaf91 running Windows Server 2019, build 17763.1217.
Individual search heads in a cluster crash with no log messages in Splunk or event logs aside from a .dmp
file:
ntdll!RtlpWaitOnCriticalSection+0x87:
00007ff8`3c99df33 ff4124 inc dword ptr [rcx+24h] ds:00000000`00000024=????????
Resetting default scope
EXCEPTION_RECORD: (.exr -1)
ExceptionAddress: 00007ff83c99df33 (ntdll!RtlpWaitOnCriticalSection+0x0000000000000087)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000001
Parameter[1]: 0000000000000024
Attempt to write to address 0000000000000024
PROCESS_NAME: splunkd.exe
WRITE_ADDRESS: 0000000000000024
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
EXCEPTION_CODE_STR: c0000005
EXCEPTION_PARAMETER1: 0000000000000001
EXCEPTION_PARAMETER2: 0000000000000024
Has anyone seen this issue before?
You should open a support case. They probably will tell you to install version 8.0.4, however.