Documentation > Splunk > Release Notes > Workaround for Registry monitoring configuration issue

Release Notes

 


What's new
Known issues for this release
Deprecated features
Credits

Workaround for Registry monitoring configuration issue

This documentation does not apply to the most recent version of Splunk. Click here for the latest version.

Contents

Workaround for Registry monitoring configuration issue

Note: The bug that this workaround addresses was resolved in version 4.3.1 of Splunk.

Background

In Splunk 4.3, the defaults for Registry monitoring have been migrated into the Windows app. If you have Registry monitoring enabled in 4.2, this means you might experience some changes in behavior as these defaults are no longer present to back your local settings.

How to fix the problem

There are two ways to fix this problem:

1. Install the current version of the Splunk for Windows app into your 4.3 instance. This will provide the default configurations.

OR

2. Add the following lines to %SPLUNK_HOME%\etc\system\local\regmon-filters.conf: 

[default]
#workaround for regmon migration
proc = .*
type = rename|set|delete|create
hive = .*

Note that adding these values here overrides system defaults that may change in the future.

Retrieved from "http://docs.splunk.com/Documentation/Splunk/4.3/ReleaseNotes/WorkaroundforRegistryMonitoringConfigIssue"

This documentation applies to the following versions of Splunk: 4.3 View the Article History for its revisions.


You must be logged into splunk.com in order to post comments. Log in now.

Was this documentation topic helpful?

If you'd like to hear back from us, please provide your email address:

We'd love to hear what you think about this topic or the documentation as a whole. Feedback you enter here will be delivered to the documentation team.

Feedback submitted, thanks!