Re: Why am I getting "Service 'splknetdrv' could n...

dlpco · ‎10-02-2014

I am finding the following error in the splunkd.log of the forwarder running on a Windows machine after restarting the forwarder:

10-02-2014 16:57:49.603 -0700 ERROR ExecProcessor - message from "D:\SplunkUniversalForwarder\bin\splunk-netmon.exe" splunk-netmon - NetmonStopDriver - Service 'splknetdrv' could not be stopped!  Error = 1062

rovechkin · ‎02-20-2015

this can happen is the driver was busy processing network packets. Eventually it will be shut down by Windows SCM. Let me know if this is persistent issue.

dstaulcu · ‎02-21-2015

I get this problem too.. on many servers.. some very busy, some not-so-busy

rovechkin · ‎02-23-2015

Thanks for reporting! We will take a look at the issue, whoever it is probably benign - the driver might be just a bit busy and will eventually be shut down.

dlpco · ‎10-02-2014

Sorry - the backslashs in the path were stripped out for some reason.

musskopf · ‎01-13-2015

Did you find a solution? I'm trying to enable netmon over here and getting the same error... my Splunk UNF is 6.1.1

dlpco · ‎01-21-2015

I never did get an answer, I updated to 6.2.1 and installed the indexer on LINUX and issue was not encountered again.

Why am I getting "Service 'splknetdrv' could not be stopped! Error = 1062" in splunkd.log after restarting Windows universal forwarder?

Welcome to the Splunk Community!

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Adoption of RUM and APM at Splunk