Monitoring Splunk

Splunk Crashing with ExceptionCode: c0000005 (Access violation)

dusitnd
New Member

I'm seeing Splunk Enterprise Version 8.0.2 Build a7f645ddaf91 running Windows Server 2019, build 17763.1217.
Individual search heads in a cluster crash with no log messages in Splunk or event logs aside from a .dmp file:

ntdll!RtlpWaitOnCriticalSection+0x87:
00007ff8`3c99df33 ff4124          inc     dword ptr [rcx+24h] ds:00000000`00000024=????????
Resetting default scope

EXCEPTION_RECORD:  (.exr -1)
ExceptionAddress: 00007ff83c99df33 (ntdll!RtlpWaitOnCriticalSection+0x0000000000000087)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000001
   Parameter[1]: 0000000000000024
Attempt to write to address 0000000000000024

PROCESS_NAME:  splunkd.exe

WRITE_ADDRESS:  0000000000000024 

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.

EXCEPTION_CODE_STR:  c0000005

EXCEPTION_PARAMETER1:  0000000000000001

EXCEPTION_PARAMETER2:  0000000000000024

Has anyone seen this issue before?

Labels (2)
0 Karma

richgalloway
SplunkTrust
SplunkTrust

You should open a support case. They probably will tell you to install version 8.0.4, however.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

Unlock New Opportunities with Splunk Education: Explore Our Latest Courses!

At Splunk Education, we’re dedicated to providing top-tier learning experiences that cater to every skill ...

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

Hey, Splunk Community! Ready to take your data management skills to the next level? Join us for a 3-part ...

Spotting Financial Fraud in the Haystack: A Guide to Behavioral Analytics with Splunk

In today's digital financial ecosystem, security teams face an unprecedented challenge. The sheer volume of ...