I just updated our Splunk Universal Forwarder that is running admon from 4.2.3 to 5.0.4. After the upgrade, admon is continuing to log events, but I also am getting about 12 of these errors every minute from the forwarder running admon:
09-18-2013 01:35:02.621 -0500 ERROR ExecProcessor - message from ""C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe" -index activedirectory" splunk-admon - ProcessMessage: ldap_get_values error
Since admon appears to be working, I'm not sure what the errors indicate.
As of 4/27/14, my support case on the issue is still "Waiting on Dev"...
We are getting these errors on several servers, and have had 3 servers become unresponsive due to the problem. Here is a message from one of the servers (running Win Server 2008 64-bit):
Log Name: System
Source: Microsoft-Windows-Resource-Exhaustion-Detector
Date: 3/25/2014 11:19:56 AM
Event ID: 2004
Task Category: Resource Exhaustion Diagnosis Events
Level: Warning
Keywords: Events related to exhaustion of system commit limit (virtual memory).
User: SYSTEM
Computer: W12620.#########.###
Description:
Windows successfully diagnosed a low virtual memory condition. The following programs consumed the most virtual memory: splunk-admon.exe (564) consumed 15444475904 bytes, svchost.exe (856) consumed 276242432 bytes, and Microsoft.Dynamics.Integration.Service.exe (1512) consumed 208461824 bytes.
Still waiting on support...
I am also receiving the same errors. did anyone find any solution ?
I am receiving the same errors and will continue to look for a solution.
As of 11/12/2013, Splunk support still does not have a fix or known root cause.
I am receiving the same errors after an install of a UF (5.0.4) on a DC. Did you find a solution to this? Thanks.