Getting Data In

Windows regmon process maxing CPU usage

MHibbin
Influencer

Hi guys,

I have started upgrading our Windows forwarders, and have seen issues with the regmon process (splunk-regmon.exe) maxing out the CPU usage on the hosting server. The only workaround I have at the moment is to disable the input script at the system level. This is not ideal as we monitor the changes in the registry.

This has had the same effect on Windows 2003, 2008 R2, and 2012.

Is this a known issue (I have checked the release notes, but couldn't see anything)? Is there a work-around that can enable us to use this feature without maxing out the CPU?

If it is a bug, where do I find the submission form? - it's been a long time since I've looked at the form.

Thanks,

MHibbin

0 Karma

Drainy
Champion

Bonjour!

Firstly, what are you upgrading from and to? It might also be worth checking the input before and after in case any migration steps have accidentally modified it so it's causing regmon to have a bit of a wobbler.
Also I guess you've checked but also worth looking for any error or warning logs.

To submit a case (which I suspect you're going to need to) is at https://splunk--c.na2.visual.force.com/apex/CP_CaseSubmissionPage?caseID=NewCase (which you could find by going to the main Splunk site and hitting up Support 🙂 )

Another step to try would be on a search head to go to Manager -> System Settings and then to the System logging. If you put reg into the search box you will see a couple of related logging outputs. Might be worth editing the log.cfg on the forwarder to try and get more detail out of them;
http://docs.splunk.com/Documentation/Splunk/5.0.4/AdvancedDev/ModInputsLog

MHibbin
Influencer

Upgrading from 4.3.4 to 5.0.4, couldn't see anything in the logs other than the inputs starting up.

I'll try the logging.

0 Karma