Carbon Black Cloud: Splunk Displays High Memory Utilization When 2.11 sensor for Linux is installed

Article ID: 285080

Products

  • Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
  • Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

  • High memory utilization by Splunk when the Carbon Black Cloud 2.11.x sensor is installed
  • Sensor logs will show messages similar to:
[2021-05-21 15:24:37.351926] [1884:1905] [W] MsgpackArchive : put_string : Can't add an empty string to the cache. Field position: 3
[2021-05-21 15:24:37.351932] [1884:1905] [E] StatusMsg : ArchiveMessageInfo : Failed to Put field (key:VirtualizationProvider, value: ) into info map, rv = 3
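
To check whether a host's sensor log contains this pair of messages, the following added example (not Carbon Black code) parses log lines and counts the empty-field warnings and errors. The line layout is inferred from the two messages above, `scan_sensor_log` and `SAMPLE` are hypothetical names, and the log file path is not given in this article, so it is passed as an argument.

```python
import re
from collections import Counter

# Layout inferred from the two messages quoted in this article (an assumption):
# [timestamp] [pid:tid] [level] Component : function : message
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\s+\[(?P<pid>\d+):(?P<tid>\d+)\]\s+\[(?P<level>[A-Z])\]\s+"
    r"(?P<component>\w+)\s*:\s*(?P<func>\w+)\s*:\s*(?P<msg>.*)$"
)
# The error names the field it could not store; an empty value is the signature.
FIELD_RE = re.compile(r"Failed to Put field \(key:(?P<key>[^,]+), value:(?P<value>[^)]*)\)")
EMPTY_STRING_WARNING = "Can't add an empty string to the cache"

def scan_sensor_log(lines):
    """Count the empty-field warning and error messages described in this article."""
    warnings = 0
    empty_keys = Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a sensor log line in the expected layout
        if m["level"] == "W" and m["component"] == "MsgpackArchive" and EMPTY_STRING_WARNING in m["msg"]:
            warnings += 1
        elif m["level"] == "E" and m["component"] == "StatusMsg":
            f = FIELD_RE.search(m["msg"])
            # Only errors whose value is empty belong to this issue.
            if f and f["value"].strip() == "":
                empty_keys[f["key"].strip()] += 1
    return {
        "warnings": warnings,
        "empty_field_errors": dict(empty_keys),
        "matches_article": warnings > 0 and empty_keys.get("VirtualizationProvider", 0) > 0,
    }

# The first two lines are the messages quoted in this article; the rest are constructed.
SAMPLE = [
    "[2021-05-21 15:24:37.351926] [1884:1905] [W] MsgpackArchive : put_string : Can't add an empty string to the cache. Field position: 3",
    "[2021-05-21 15:24:37.351932] [1884:1905] [E] StatusMsg : ArchiveMessageInfo : Failed to Put field (key:VirtualizationProvider, value: ) into info map, rv = 3",
    "[2021-05-21 15:24:38.000001] [1884:1905] [I] StatusMsg : ArchiveMessageInfo : constructed unrelated line",
    "[2021-05-21 15:24:39.000002] [1884:1905] [E] StatusMsg : ArchiveMessageInfo : Failed to Put field (key:Hostname, value: web01) into info map, rv = 3",
    "free-form text that is not a sensor log line",
]

if __name__ == "__main__":
    import sys
    # With no argument, run over the embedded sample instead of a log file.
    source = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE
    print(scan_sensor_log(source))
```

A match confirms only that the log messages are present; memory utilization still has to be checked separately on the host.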

 

Environment

  • Linux: All Supported Versions
  • Carbon Black Cloud Linux Sensor: 2.11.x

Cause

Compatibility issue with the virtualization platform

Resolution

This issue is addressed in the 2.12.x sensor. Upgrade to the 2.12.x sensor or later.