Why am I getting "Service 'splknetdrv' could not b...

dlpco · ‎10-02-2014

I am finding the following error in the splunkd.log of the forwarder running on a Windows machine after restarting the forwarder:

10-02-2014 16:57:49.603 -0700 ERROR ExecProcessor - message from "D:\SplunkUniversalForwarder\bin\splunk-netmon.exe" splunk-netmon - NetmonStopDriver - Service 'splknetdrv' could not be stopped!  Error = 1062

rovechkin · ‎02-20-2015

this can happen is the driver was busy processing network packets. Eventually it will be shut down by Windows SCM. Let me know if this is persistent issue.

dstaulcu · ‎02-21-2015

I get this problem too.. on many servers.. some very busy, some not-so-busy

rovechkin · ‎02-23-2015

Thanks for reporting! We will take a look at the issue, whoever it is probably benign - the driver might be just a bit busy and will eventually be shut down.

dlpco · ‎10-02-2014

Sorry - the backslashs in the path were stripped out for some reason.

musskopf · ‎01-13-2015

Did you find a solution? I'm trying to enable netmon over here and getting the same error... my Splunk UNF is 6.1.1

dlpco · ‎01-21-2015

I never did get an answer, I updated to 6.2.1 and installed the indexer on LINUX and issue was not encountered again.

Why am I getting "Service 'splknetdrv' could not be stopped! Error = 1062" in splunkd.log after restarting Windows universal forwarder?

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!