Read Windows DMP files for 'Blue Screen of Death'

Hi team,

I'm trying to make use of DMP files created when a machine gets a Blue Screen error. One is a very large file called MEMORY.DMP stored in C:\Windows, the others are stored in C:\Windows\Minidump which are much smaller and easier to make use of in UberAgent, in principle at least.

Could UberAgent either read the DMP file itself and index the data or perhaps convert it inside the app and store the info in text format and be presented in a nice UI and/or searchable as raw indexed data?

With BlueScreens being so common with Windows it feels like a worthwhile feature many organisations could benefit from. :)

Many thanks

Andy

4 comments

  • Helge Klein Official comment

    Hi Andy,

    It's a nice coincidence you are asking about blue screen info - we are working on that right now. It will be part of the new version 4.1 which should be available soon.

    Regards, Helge

  • Andy Howat

    Hi Helge,

    Excellent news! I look forward to seeing how the data can be used.

    Many thanks

    Andy

  • Andy Howat

    Hi there,

    We have 4.1 in UAT at the moment. Where would I find the blue screen information?

    I've looked through this page and haven't spotted anything, hoping I've missed it somehow. :)

    https://uberagent.com/documentation/splunk-events-and-source-types/

    Many thanks

    Andy

  • Helge Klein

    Hi Andy,

    The sourcetype is uberAgent:System:Bugcheck. The corresponding dashboard is called Stop Errors (Blue Screen & Power Loss) and can be found in the Machines menu.

    Thanks, Helge
