Carbon Black Cloud: Splunk Displays High Memory Utilization When 2.11 sensor for Linux is installed
book
Article ID: 285080
calendar_today
Updated On:
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
Issue/Introduction
High memory utilization by Splunk when the Carbon Black Cloud 2.11.x sensor is installed
Sensor logs will show messages similar to:
[2021-05-21 15:24:37.351926] [1884:1905] [W] MsgpackArchive : put_string : Can't add an empty string to the cache. Field position: 3
[2021-05-21 15:24:37.351932] [1884:1905] [E] StatusMsg : ArchiveMessageInfo : Failed to Put field (key:VirtualizationProvider, value: ) into info map, rv = 3
Environment
Linux: All Supported Versions
Carbon Black Cloud Linux Sensor: 2.11.x
Cause
Compatibility issue with the virtualization platform
Resolution
Issue addressed with the 2.12.x sensor. Please upgrade to the 2.12.x sensor, or greater.