One of our administrators noticed that memory is spiking on the domain controllers and seems to have pin-pointed it to the Splunk Universal Forwarders installed on them.
Powershell is being run and it is having an impact on memory. This is one line he noticed in the event logs:
C:\Windows\system32\WindowsPowerShell\v.1.\powershell.exe -executionPolicy RemoteSigned -command, 'C:\Program Files\SplunkUniversalForwarder\etc\apps\TA-DomainController-NT6\bin\powershell\ad-health.ps1'
OS: Windows Server 2012 R2
Splunk Universal Forwarder Version: 7.0.3
Has anyone dealt with this? Thanks!
↧