Forum Discussion
PeterJoInobits
Apr 25, 2022Brass Contributor
Missing information in Event ID 4688
Hi All
I have a situation at a customer where they have the Splunk agent installed on a Server 2016 Domain controller. They have enabled some advanced auditing and when retrieving Event ID 4688 which is the event that records process creation the event details are being truncated. The process name, creater path and command line are missing.
It appears that the Splunk agent is using a deprecated API. Has anyone seen this issue and knows of a resolution/fix..
- 790927245Copper Contributorwin11 更新22H2后出现这个问题,回退21H2后问题解决