Hi,
I'm not sure if i can use the bug report thing without support contract?
Anyway, about 2 months ago I set up splunk on a W2k3 server and it ran fine for some time but now it seems to crash more and more often (multiple times per day)
Splunk 3.2.3 (build 35555)
I noticed a wealth of errors in \var\log\splunk\splunkd.log (a 65MB file by now), instead i'll just paste a crash dump log extract here.
"[build 35555]
C++ exception: object@[0x040CF6E0], type@[0x00B2F6D0]
Exception is Non-continuable
Exception address: [0x77E4BEE7]
Crashing thread: CallbackRunnerThread
ContextFlags: [0x00010007]
Dr0: [0x7C82A0B8]
Dr1: [0x00000005]
Dr2: [0x00000060]
Dr3: [0x00000000]
Dr6: [0x00000060]
Dr7: [0x00000000]
SegGs: [0x00000000]
SegFs: [0x0000003B]
SegEs: [0x7C820023]
SegDs: [0x003A0023]
Edi: [0x04B91A54]
Esi: [0x040CF668]
Ebx: [0x2049C9E8]
Edx: [0x00000001]
Ecx: [0x00000000]
Eax: [0x040CF5E0]
Ebp: [0x040CF630]
Eip: [0x77E4BEE7] RaiseException + 60/87
SegCs: [0x7C82001B]
EFlags: [0x00000206]
Esp: [0x040CF5DC]
SegSs: [0x7C820023]
Backtrace:
Frame 0 @[0x040CF630]: [0x78158E89] CxxThrowException + 70/77
Frame 1 @[0x040CF668]: [0x005E0294] ?
Frame 2 @[0x00000001]: (Frame below stack)
Crash dump written to: P:\Program Files\Splunk\var\log\splunk\crash-2008-07-09-05-24-49.dmp
OS: Windows
Arch: i386
Windows / SW021 / 2 / 5 / Intel
C++ Exception type: MetaDataException -> std::runtime_error -> std::exception
what(): Unable to open P:\Program Files\Splunk\var\lib\splunk\_internaldb\db\SourceTypes.data
terminating..."
I can't figure out why it shouldnt be able to access this file, it exists in the given location.
Looking at the other posts in here I can add that
- I configured a udp 514 syslog source, but it doesnt instantly crash when receiving data
- I didnt configure a service account for splunk at install time. I should have, but I usually wait 3-4 weeks for the primary admin to come up with a name for the service account...
If someone wants to look at this / needs more data (i.e. log / dumps), please let me know.
Florian