I have a situation at a customer where they have the Splunk agent installed on a Server 2016 Domain controller. They have enabled some advanced auditing and when retrieving Event ID 4688 which is the event that records process creation the event details are being truncated. The process name, creater path and command line are missing.
It appears that the Splunk agent is using a deprecated API. Has anyone seen this issue and knows of a resolution/fix..