×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
olivier_guisneu
Engager
Member since: ‎07-11-2016
‎02-26-2025
Community Statistics
Posts 2
Solutions 1
Karma Given 0
Karma Received 1
Member Since ‎11-07-2016
View All

Re: UF - WinEventLog Security collection error - ...

by in Getting Data In
‎01-30-2024 07:02 AM
1 Karma
‎01-30-2024 07:02 AM
1 Karma
We upgraded the UF to v 9.0.6 and it solved our issue https://docs.splunk.com/Documentation/Splunk/9.0.6/ReleaseNotes/Fixedissues#Windows-specific_issues ... View more

UF - WinEventLog Security collection error - GUID...

by in Getting Data In
‎07-13-2023 01:38 AM
‎07-13-2023 01:38 AM
Hi, We deployed an UF on a Win server 2022 and enabled the [WinEventLog://Security] log collection.  The log collection stops for hours sometime, and we see this error : ERROR ExecProcessor [6468 ExecProcessor] - message from ""C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe"" WinEventCommonChannel - WinEventLogChannelBase::transADObject: Failed to convert guid string to guid structure: Invalid class string After a few hours or minutes (randomly), Splunk starts again the log collection and then stops again. And all of that witout any service restart. It only happens with Security Event logs. No issue with Application or System.   Has anyone seen this error before? Splunk UF version : 9.0.5 (64bits) Splunk_TA_windows : 8.7.0   ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎02-26-2025 12:31 PM
Karma from
View All