Re: Why am I getting "Service 'splknetdrv' could n...

dlpco · ‎10-02-2014

I am finding the following error in the splunkd.log of the forwarder running on a Windows machine after restarting the forwarder:

10-02-2014 16:57:49.603 -0700 ERROR ExecProcessor - message from "D:\SplunkUniversalForwarder\bin\splunk-netmon.exe" splunk-netmon - NetmonStopDriver - Service 'splknetdrv' could not be stopped!  Error = 1062

rovechkin · ‎02-20-2015

this can happen is the driver was busy processing network packets. Eventually it will be shut down by Windows SCM. Let me know if this is persistent issue.

dstaulcu · ‎02-21-2015

I get this problem too.. on many servers.. some very busy, some not-so-busy

rovechkin · ‎02-23-2015

Thanks for reporting! We will take a look at the issue, whoever it is probably benign - the driver might be just a bit busy and will eventually be shut down.

dlpco · ‎10-02-2014

Sorry - the backslashs in the path were stripped out for some reason.

musskopf · ‎01-13-2015

Did you find a solution? I'm trying to enable netmon over here and getting the same error... my Splunk UNF is 6.1.1

dlpco · ‎01-21-2015

I never did get an answer, I updated to 6.2.1 and installed the indexer on LINUX and issue was not encountered again.

Why am I getting "Service 'splknetdrv' could not be stopped! Error = 1062" in splunkd.log after restarting Windows universal forwarder?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation