Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to fix perfmon errors "Object specified...in conf file is not valid"?

dmhlakaza
Explorer
‎09-04-2014 04:03 AM

how to fix this error:
ERROR ExecProcessor - message from ""C:\Program Files\SplunkUniversalForwarder\bin\splunk-perfmon.exe" -index gdf" splunk-perfmon - The object specified - 'Processor' in stanza - 'CPU' in conf file is not valid.
09-03-2014 10:25:59.516 +0200 ERROR ExecProcessor - message from ""C:\Program Files\SplunkUniversalForwarder\bin\splunk-perfmon.exe" -index gdf" splunk-perfmon - The object specified - 'LogicalDisk' in stanza - 'Logical Disk' in conf file is not valid.
09-03-2014 10:25:59.516 +0200 ERROR ExecProcessor - message from ""C:\Program Files\SplunkUniversalForwarder\bin\splunk-perfmon.exe" -index gdf" splunk-perfmon - The object specified - 'Memory' in stanza - 'Memory' in conf file is not valid.
09-03-2014 10:25:59.516 +0200 ERROR ExecProcessor - message from ""C:\Program Files\SplunkUniversalForwarder\bin\splunk-perfmon.exe" -index gdf" splunk-perfmon - The object specified - 'Network Interface' in stanza - 'Network' in conf file is not valid.
09-03-2014 10:25:59.516 +0200 ERROR ExecProcessor - message from ""C:\Program Files\SplunkUniversalForwarder\bin\splunk-perfmon.exe" -index gdf" splunk-perfmon - The object specified - 'Process' in stanza - 'Processes' in conf file is not valid.
09-03-2014 10:25:59.516 +0200 ERROR ExecProcessor - message from ""C:\Program Files\SplunkUniversalForwarder\bin\splunk-perfmon.exe" -index gdf" splunk-perfmon - The object specified - 'System' in stanza - 'System' in conf file is not valid.

Reply
1 Solution
Solved! Jump to solution
Solution

linu1988
Champion
‎09-04-2014 09:04 AM

More over did you check if the perfmon counter are available in your system? SOmetimes they get corrupt and are not accessible

View solution in original post

Reply
Solved! Jump to solution
Solution

linu1988
Champion
‎09-04-2014 09:04 AM

More over did you check if the perfmon counter are available in your system? SOmetimes they get corrupt and are not accessible

Reply
Solved! Jump to solution

linu1988
Champion
‎09-05-2014 12:38 AM

Needs to be marked as answered then 🙂

0 Karma
Reply
Solved! Jump to solution

dmhlakaza
Explorer
‎09-04-2014 11:36 PM

I just checked the perfmon counter and yes indeed they were corrupt, I ran the following commands to fix it
Rebuilding the counters:
cd c:\windows\system32
lodctr /R
cd c:\windows\sysWOW64
lodctr /R

Resyncing the counters with Windows Management Instrumentation (WMI):
WINMGMT.EXE /RESYNCPERF

Stop and restart the Performance Logs and Alerts service.
Stop and restart the Windows Management Instrumentation service.
Thank you very much

Reply
Solved! Jump to solution

linu1988
Champion
‎09-04-2014 04:23 AM

Hello,
It suggests the perfmon configuration in inputs.conf file is wrong, Could you post your stanzas?

Thanks

0 Karma
Reply
Solved! Jump to solution

linu1988
Champion
‎09-04-2014 06:59 AM

Still this should be like this PERFMON -> Perfmon

[Perfmon:CPU]
counters = % Processor Time;% Privileged Time
disabled = 0
instances = _Total
interval = 120
object = Processor
index = temp_index

restart the forwarder service, lets see what happens

0 Karma
Reply
Solved! Jump to solution

dmhlakaza
Explorer
‎09-04-2014 06:33 AM

thanks, but I am still using v4.3.6, I am planning to upgrade soon

0 Karma
Reply
Solved! Jump to solution

linu1988
Champion
‎09-04-2014 06:11 AM

Depends which version of splunk you are using. Please use the below in inputs.conf in v5+ splunk forwarders

[perfmon://CPU Load]
counters = % Processor Time;% Privileged Time
disabled = 0
instances = _Total
interval = 120
object = Processor
index = temp_index

Remember the stanza definition is case sensitive.

0 Karma
Reply
Solved! Jump to solution

dmhlakaza
Explorer
‎09-04-2014 05:32 AM

continued

[PERFMON:Processes]
counters = ID Process
disabled = 0
instances = *
interval = 900
object = Process

[PERFMON:Network]
counters = Bytes Received/sec;Bytes Sent/sec;Current Bandwidth
disabled = 0
instances = *
interval = 300
object = Network Interface

[PERFMON:System]
counters = System Up Time
disabled = 0
instances = *
interval = 3600
object = System

0 Karma
Reply
Solved! Jump to solution

dmhlakaza
Explorer
‎09-04-2014 05:31 AM

these are my stanzas and they working on other servers:

[PERFMON:CPU]
counters = % Privileged Time;% Processor Time;% User Time;DPCs Queued/sec
disabled = 0
instances = *
interval = 300
object = Processor

[PERFMON:Logical Disk]
counters = % Free Space;Current Disk Queue Length;Disk Read Bytes/sec;Disk Write Bytes/sec
disabled = 0
instances = *
interval = 900
object = LogicalDisk

[PERFMON:Memory]
counters = % Committed Bytes In Use;Page Reads/sec;Page Writes/sec
disabled = 0
instances = *
interval = 300
object = Memory

0 Karma
Reply
Register for .conf25!
Get Updates on the Splunk Community!

Why You Can't Miss .conf25: Unleashing the Power of Agentic AI with Splunk & Cisco

The Defining Technology Movement of Our Lifetime The advent of agentic AI is arguably the defining technology ...

Deep Dive into Federated Analytics: Unlocking the Full Power of Your Security Data

In today’s complex digital landscape, security teams face increasing pressure to protect sprawling data across ...

Your summer travels continue with new course releases

Summer in the Northern hemisphere is in full swing, and is often a time to travel and explore. If your summer ...
Top