splunk-netmon error

kglover · ‎03-27-2015

Netmon is causing the application event log to have an event every minute.

Faulting application splunk-netmon.exe, version 1538.256.0.48819, time stamp 0x548a29a4, faulting module splunk-netmon.exe, version 1538.256.0.48819, time stamp 0x548a29a4, exception code 0xc0000409, fault offset 0x0059eab1, process id 0x1a0c, application start time 0x01d068c6bf094874.

In the splunkd log I get:

ERROR ExecProcessor - message from ""C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"" splunk-netmon - NetmonConfig::ConfigureNetmonSettings: Error setting direction key: \rFilterDirection, error 0x6.

in the inputs.conf the following inputs are as such:

###### Network monitoring ######
[WinNetMon://inbound]
direction = inbound
disabled = 0
index = windows

[WinNetMon://outbound]
direction = outbound
disabled = 0
index = windows

under the spec, inbound and outbound are proper keys for direction. Does anyone have an idea why this is happening?

Richfez · ‎07-21-2015

Total guess:
Wrong carriage return/newline settings? If a configuration file was edited on Windows and pasted into a *nix platform or vice versa, there's a possibility that the line endings got mixed up.

There used to be unix tools like "dos2unix" to fix this up, I'm sure editing the line endings in Notepad++ in Windows could fix this as well. In Notepad++ it's "Edit", "EOL Conversion".

splunk-netmon error

Developer Spotlight with Paul Stout

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

Data-Driven Success: Splunk & Financial Services