Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk Stream TA stops streamfwd

skywalker
Observer
‎11-10-2020 06:46 AM

Hi Splunkers,

Is there any way to get rid of this knonw issue on Stream app ? 

Currently, I'm collecting DNS logs via Stream App on windows servers and streamfw.exe stopping without any reason somehow but UF is still running. This is a known issue written in the Stream docs.

When I dig into the internal logs and server logs, I couldn't find any related logs. 

now, I wrote a py to add a new txt file on Deployment server and reload the class then erase it for every 12 hours.

this is my little workaround but Its not efficient, I can't know when  they stops streaming and it means losing data till UFs restart time. 

Do you guys any other workaround for that ? 

 

the known issue is;

Windows: Capture stops with "pcap_loop returned error code -1 read error: PacketReceivePacket failed; network capture stopped" and isn't restarted

Workaround:
Manually re-configure streams for the forwarder to resume or restart Splunk Forwarder service in Windows

 

 

 

Labels (3)
Tags (2)
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk APM: New Product Features + Community Office Hours Recap!

Howdy Splunk Community! Over the past few months, we’ve had a lot going on in the world of Splunk Application ...

Index This | Forward, I’m heavy; backward, I’m not. What am I?

April 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

A Guide To Cloud Migration Success

As enterprises’ rapid expansion to the cloud continues, IT leaders are continuously looking for ways to focus ...