In UniversalForwarder 10.0.0.0, splunk-winevtlog.e...

darren

We recently updated 4 DEV servers with UniversalForwarder 10.0.0.0. However, on one of them the splunk-winevtlog.exe process consumes all memory and crashes the server within a few minutes of boot up. That one server that is crashing runs some java services, which may or may not be related. We're going to downgrade to UF 9.4.4.0 for now.

darren

Thanks, we'll test out the fix you linked to.

kiran_panchavat

@darrenWhat does the splunkd.log show after the UF has crashed?

Did this help? If yes, please consider giving kudos, marking it as the solution, or commenting for clarification — your feedback keeps the community going!

kiran_panchavat

@darren

Check this https://community.splunk.com/t5/Splunk-Enterprise/URGENT-All-splunk-forwarders-upgraded-to-10-0-vers...

Disabled the

evt_resolve_ad_obj = 0

in Splunk_TA_windows app , logs have now ceased.

Did this help? If yes, please consider giving kudos, marking it as the solution, or commenting for clarification — your feedback keeps the community going!

In UniversalForwarder 10.0.0.0, splunk-winevtlog.exe process consumes all memory and crashes the server

troubleshooting

upgrade

Can’t make it to .conf25? Join us online!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Unlock What’s Next: The Splunk Cloud Platform at .conf25

Are you a member of the Splunk Community?