
splunk-perfmon.exe exited with code -1

bmacias84
Champion

Hello,

I am trying to find out why splunkd logs the following message: `ExecProcessor - Ran script: "$SPLUNK_HOME\bin\splunk-perfmon.exe" -index perfmon, took 46.88 milliseconds to run, 0 bytes read, exited with code -1`.

I am layering the following apps: Splunk_TA_windows, TA-DNSServer-NT6, and TA-DomainController-NT6.

Below is my btool output for inputs.conf in debug mode:


system [SSL]
system _rcvbuf = 1572864
system cipherSuite = ALL:!aNULL:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
Splunk_TA_ evt_dc_name =
Splunk_TA_ evt_dns_name =
system evt_resolve_ad_obj = 0
system host = fozzie
system index = default
Splunk_TA_ [WinEventLog:Application]
system _rcvbuf = 1572864
Splunk_TA_ checkpointInterval = 5
Splunk_TA_ current_only = 0
Splunk_TA_ disabled = 0
Splunk_TA_ evt_dc_name =
Splunk_TA_ evt_dns_name =
system evt_resolve_ad_obj = 0
system host = fozzie
Splunk_TA_ index = winevents
Splunk_TA_ start_from = oldest
TA-DomainC [WinEventLog:DFS Replication]
system _rcvbuf = 1572864
TA-DomainC disabled = 0
Splunk_TA_ evt_dc_name =
Splunk_TA_ evt_dns_name =
system evt_resolve_ad_obj = 0
system host = fozzie
TA-DomainC index = winevents
TA-DomainC queue = parsingQueue
TA-DomainC sourcetype = "WinEventLog:DFS Replication"
TA-DNSServ [WinEventLog:DNS Server]
system _rcvbuf = 1572864
TA-DNSServ disabled = false
Splunk_TA_ evt_dc_name =
Splunk_TA_ evt_dns_name =
system evt_resolve_ad_obj = 0
system host = fozzie
TA-DNSServ index = winevents
TA-DNSServ queue = parsingQueue
TA-DNSServ sourcetype = WinEventLog:DNS-Server
TA-DomainC [WinEventLog:Directory Service]
system _rcvbuf = 1572864
TA-DomainC disabled = 0
Splunk_TA_ evt_dc_name =
Splunk_TA_ evt_dns_name =
system evt_resolve_ad_obj = 0
system host = fozzie
TA-DomainC index = winevents
TA-DomainC queue = parsingQueue
TA-DomainC sourcetype = "WinEventLog:Directory Service"
TA-DomainC [WinEventLog:File Replication Service]
system _rcvbuf = 1572864
TA-DomainC disabled = 0
Splunk_TA_ evt_dc_name =
Splunk_TA_ evt_dns_name =
system evt_resolve_ad_obj = 0
system host = fozzie
TA-DomainC index = winevents
TA-DomainC queue = parsingQueue
TA-DomainC sourcetype = "WinEventLog:File Replication Service"
system [WinEventLog:ForwardedEvents]
system _rcvbuf = 1572864
system checkpointInterval = 5
system current_only = 0
system disabled = 1
Splunk_TA_ evt_dc_name =
Splunk_TA_ evt_dns_name =
system evt_resolve_ad_obj = 0
system host = fozzie
system index = default
system start_from = oldest
system [WinEventLog:HardwareEvents]
system _rcvbuf = 1572864
system checkpointInterval = 5
system current_only = 0
system disabled = 1
Splunk_TA_ evt_dc_name =
Splunk_TA_ evt_dns_name =
system evt_resolve_ad_obj = 0
system host = fozzie
system index = default
system start_from = oldest
system [WinEventLog:Internet Explorer]
system _rcvbuf = 1572864
system checkpointInterval = 5
system current_only = 0
system disabled = 1
Splunk_TA_ evt_dc_name =
Splunk_TA_ evt_dns_name =
system evt_resolve_ad_obj = 0
system host = fozzie
system index = default
system start_from = oldest
TA-DomainC [WinEventLog:Key Management Service]
system _rcvbuf = 1572864
TA-DomainC disabled = 0
Splunk_TA_ evt_dc_name =
Splunk_TA_ evt_dns_name =
system evt_resolve_ad_obj = 0
system host = fozzie
TA-DomainC index = winevents
TA-DomainC queue = parsingQueue
TA-DomainC sourcetype = "WinEventLog:Key Management Service"
Splunk_TA_ [WinEventLog:Security]
system _rcvbuf = 1572864
Splunk_TA_ checkpointInterval = 5
Splunk_TA_ current_only = 0
Splunk_TA_ disabled = 0
Splunk_TA_ evt_dc_name =
Splunk_TA_ evt_dns_name =
Splunk_TA_ evt_resolve_ad_obj = 1
system host = fozzie
Splunk_TA_ index = winevents
Splunk_TA_ start_from = oldest
system [WinEventLog:Setup]
system _rcvbuf = 1572864
system checkpointInterval = 5
system current_only = 0
system disabled = 1
Splunk_TA_ evt_dc_name =
Splunk_TA_ evt_dns_name =
system evt_resolve_ad_obj = 0
system host = fozzie
system index = default
system start_from = oldest
Splunk_TA_ [WinEventLog:System]
system _rcvbuf = 1572864
Splunk_TA_ checkpointInterval = 5
Splunk_TA_ current_only = 0
Splunk_TA_ disabled = 0
Splunk_TA_ evt_dc_name =
Splunk_TA_ evt_dns_name =
system evt_resolve_ad_obj = 0
system host = fozzie
Splunk_TA_ index = winevents
Splunk_TA_ start_from = oldest
system [batch://C:\Program Files\splunk\var\spool\splunk]
system _rcvbuf = 1572864
system crcSalt =
Splunk_TA_ evt_dc_name =
Splunk_TA_ evt_dns_name =
system evt_resolve_ad_obj = 0
system host = fozzie
system index = default
system move_policy = sinkhole
system [batch://C:\Program Files\splunk\var\spool\splunk...stash_new]
system _rcvbuf = 1572864
system crcSalt =
Splunk_TA_ evt_dc_name =
Splunk_TA_ evt_dns_name =
system evt_resolve_ad_obj = 0
system host = fozzie
system index = default
system move_policy = sinkhole
system queue = stashparsing
system sourcetype = stash_new
system [fschange:C:\Program Files\splunk\etc]
system _rcvbuf = 1572864
system delayInMills = 100
Splunk_TA_ evt_dc_name =
Splunk_TA_ evt_dns_name =
system evt_resolve_ad_obj = 0
system filesPerDelay = 10
system followLinks = false
system fullEvent = false
system hashMaxSize = -1
system host = fozzie
system index = default
system pollPeriod = 600
system recurse = true
system sendEventMaxSize = -1
system signedaudit = true
Splunk_TA_ [fschange:C:\Windows\System32\drivers\etc]
system _rcvbuf = 1572864
Splunk_TA_ evt_dc_name =
Splunk_TA_ evt_dns_name =
system evt_resolve_ad_obj = 0
Splunk_TA_ hashMaxSize = 1048576
system host = fozzie
Splunk_TA_ index = winevents
Splunk_TA_ pollPeriod = 30
system [monitor://C:\Program Files\splunk\etc\splunk.version]
system _TCP_ROUTING = *
system _rcvbuf = 1572864
Splunk_TA_ evt_dc_name =
Splunk_TA_ evt_dns_name =
system evt_resolve_ad_obj = 0
system host = fozzie
system index = _internal
system sourcetype = splunk_version
system [monitor://C:\Program Files\splunk\var\log\splunk]
system _rcvbuf = 1572864
Splunk_TA_ evt_dc_name =
Splunk_TA_ evt_dns_name =
system evt_resolve_ad_obj = 0
system host = fozzie
system index = _internal
Splunk_TA_ [monitor://C:\Windows\System32\DHCP]
system _rcvbuf = 1572864
Splunk_TA_ crcSalt =
Splunk_TA_ disabled = 1
Splunk_TA_ evt_dc_name =
Splunk_TA_ evt_dns_name =
system evt_resolve_ad_obj = 0
system host = fozzie
system index = default
Splunk_TA_ sourcetype = DhcpSrvLog
Splunk_TA_ whitelist = DhcpSrvLog*
TA-DNSServ [monitor://C:\Windows\System32\Dns\dns.log]
system _rcvbuf = 1572864
TA-DNSServ disabled = false
Splunk_TA_ evt_dc_name =
Splunk_TA_ evt_dns_name =
system evt_resolve_ad_obj = 0
system host = fozzie
TA-DNSServ index = msad
TA-DNSServ sourcetype = MSAD:NT6:DNS
Splunk_TA_ [monitor://C:\Windows\WindowsUpdate.log]
system _rcvbuf = 1572864
Splunk_TA_ disabled = 0
Splunk_TA_ evt_dc_name =
Splunk_TA_ evt_dns_name =
system evt_resolve_ad_obj = 0
system host = fozzie
Splunk_TA_ index = winevents
Splunk_TA_ sourcetype = WindowsUpdateLog
TA-DomainC [monitor://C:\Windows\debug\netlogon.log]
system _rcvbuf = 1572864
TA-DomainC disabled = false
Splunk_TA_ evt_dc_name =
Splunk_TA_ evt_dns_name =
system evt_resolve_ad_obj = 0
system host = fozzie
TA-DomainC index = msad
TA-DomainC sourcetype = MSAD:NT6:Netlogon
Splunk_TA_ [perfmon://CPUTime]
Splunk_TA_ counters = % Processor Time;% User Time
Splunk_TA_ disabled = 1
system host = fozzie
system index = default
Splunk_TA_ instances = _Total
Splunk_TA_ interval = 10
Splunk_TA_ object = Processor
TA-DomainC [perfmon://DFS_Replicated_Folders]
TA-DomainC counters = *
TA-DomainC disabled = 0
system host = fozzie
TA-DomainC index = perfmon
TA-DomainC instances = *
TA-DomainC interval = 60
TA-DomainC object = DFS Replicated Folders
TA-DNSServ [perfmon://DNS]
TA-DNSServ counters = *
TA-DNSServ disabled = 0
system host = fozzie
system index = default
TA-DNSServ interval = 60
TA-DNSServ object = DNS
Splunk_TA_ [perfmon://FreeDiskSpace]
Splunk_TA_ counters = Free Megabytes;% Free Space
Splunk_TA_ disabled = 1
system host = fozzie
system index = default
Splunk_TA_ instances = *
Splunk_TA_ interval = 10
Splunk_TA_ object = LogicalDisk
Splunk_TA_ [perfmon://LocalNetwork]
Splunk_TA_ counters = *
Splunk_TA_ disabled = 0
system host = fozzie
Splunk_TA_ index = perfmon
Splunk_TA_ instances = *
Splunk_TA_ interval = 60
Splunk_TA_ object = Network Interface
Splunk_TA_ [perfmon://LogicalDisk]
Splunk_TA_ counters = *
Splunk_TA_ disabled = 0
system host = fozzie
Splunk_TA_ index = perfmon
Splunk_TA_ instances = *
Splunk_TA_ interval = 60
Splunk_TA_ object = LogicalDisk
Splunk_TA_ [perfmon://Memory]
Splunk_TA_ counters = *
Splunk_TA_ disabled = 0
system host = fozzie
Splunk_TA_ index = perfmon
Splunk_TA_ instances = *
Splunk_TA_ interval = 60
Splunk_TA_ object = Memory
TA-DomainC [perfmon://NTDS]
TA-DomainC counters = *
TA-DomainC disabled = 0
system host = fozzie
TA-DomainC index = perfmon
TA-DomainC interval = 60
TA-DomainC object = NTDS
Splunk_TA_ [perfmon://Processor]
Splunk_TA_ counters = *
Splunk_TA_ disabled = 0
system host = fozzie
Splunk_TA_ index = perfmon
Splunk_TA_ instances = _Total
Splunk_TA_ interval = 60
Splunk_TA_ object = Processor
system [script]
system _rcvbuf = 1572864
Splunk_TA_ evt_dc_name =
Splunk_TA_ evt_dns_name =
system evt_resolve_ad_obj = 0
system host = fozzie
system index = default
system interval = 60.0
TA-DomainC [script://C:\Program Files\splunk\bin\scripts\splunk-admon.path]
system _rcvbuf = 1572864
TA-DomainC disabled = false
Splunk_TA_ evt_dc_name =
Splunk_TA_ evt_dns_name =
system evt_resolve_ad_obj = 0
system host = fozzie
TA-DomainC index = msad
TA-DomainC interval = 3600
system persistentQueueSize = 50MB
system queue = winparsing
system source = ActiveDirectory
system sourcetype = ActiveDirectory
################## Section in question ########################
Splunk_TA_ [script://C:\Program Files\splunk\bin\scripts\splunk-perfmon.path]
system _rcvbuf = 1572864
Splunk_TA_ disabled = 0
Splunk_TA_ evt_dc_name =
Splunk_TA_ evt_dns_name =
system evt_resolve_ad_obj = 0
system host = fozzie
Splunk_TA_ index = perfmon
Splunk_TA_ interval = 60
Splunk_TA_ queue = winparsing
Splunk_TA_ source = PerformanceMonitor

############################################################
system [script://C:\Program Files\splunk\bin\scripts\splunk-regmon.path]
system _rcvbuf = 1572864
system disabled = 0
Splunk_TA_ evt_dc_name =
Splunk_TA_ evt_dns_name =
system evt_resolve_ad_obj = 0
system host = fozzie
system index = default
system interval = 10000000
system persistentQueueSize = 50MB
system queue = winparsing
system source = WinRegistry
system sourcetype = WinRegistry
system [script://C:\Program Files\splunk\bin\scripts\splunk-wmi.path]
system _rcvbuf = 1572864
system disabled = 0
Splunk_TA_ evt_dc_name =
Splunk_TA_ evt_dns_name =
system evt_resolve_ad_obj = 0
system host = fozzie
system index = default
system interval = 10000000
system persistentQueueSize = 200MB
system queue = winparsing
system source = wmi
system sourcetype = wmi
Splunk_TA_ [script://C:\Program Files\splunk\etc\apps\Splunk_TA_windows\bin\win_installed_apps.bat]
system _rcvbuf = 1572864
Splunk_TA_ disabled = 0
Splunk_TA_ evt_dc_name =
Splunk_TA_ evt_dns_name =
system evt_resolve_ad_obj = 0
system host = fozzie
Splunk_TA_ index = winevents
Splunk_TA_ interval = 86400
Splunk_TA_ sourcetype = Script:InstalledApps
Splunk_TA_ [script://C:\Program Files\splunk\etc\apps\Splunk_TA_windows\bin\win_listening_ports.bat]
system _rcvbuf = 1572864
Splunk_TA_ disabled = 0
Splunk_TA_ evt_dc_name =
Splunk_TA_ evt_dns_name =
system evt_resolve_ad_obj = 0
system host = fozzie
Splunk_TA_ index = winevents
Splunk_TA_ interval = 3600
Splunk_TA_ sourcetype = Script:ListeningPorts
TA-DNSServ [script://C:\Program Files\splunk\etc\apps\TA-DNSServer-NT6\bin\runpowershell.cmd dns-health.ps1]
system _rcvbuf = 1572864
TA-DNSServ disabled = false
Splunk_TA_ evt_dc_name =
Splunk_TA_ evt_dns_name =
system evt_resolve_ad_obj = 0
system host = fozzie
TA-DNSServ index = msad
TA-DNSServ interval = 3600
TA-DNSServ source = Powershell
TA-DNSServ sourcetype = MSAD:NT6:DNS-Health
TA-DNSServ [script://C:\Program Files\splunk\etc\apps\TA-DNSServer-NT6\bin\runpowershell.cmd dns-zoneinfo.ps1]
system _rcvbuf = 1572864
TA-DNSServ disabled = false
Splunk_TA_ evt_dc_name =
Splunk_TA_ evt_dns_name =
system evt_resolve_ad_obj = 0
system host = fozzie
TA-DNSServ index = msad
TA-DNSServ interval = 3600
TA-DNSServ source = Powershell
TA-DNSServ sourcetype = MSAD:NT6:DNS-Zone-Information
TA-DomainC [script://C:\Program Files\splunk\etc\apps\TA-DomainController-NT6\bin\runpowershell.cmd ad-health.ps1]
system _rcvbuf = 1572864
TA-DomainC disabled = false
Splunk_TA_ evt_dc_name =
Splunk_TA_ evt_dns_name =
system evt_resolve_ad_obj = 0
system host = fozzie
TA-DomainC index = msad
TA-DomainC interval = 300
TA-DomainC source = Powershell
TA-DomainC sourcetype = MSAD:NT6:Health
TA-DomainC [script://C:\Program Files\splunk\etc\apps\TA-DomainController-NT6\bin\runpowershell.cmd ad-repl-stat.ps1]
system _rcvbuf = 1572864
TA-DomainC disabled = false
Splunk_TA_ evt_dc_name =
Splunk_TA_ evt_dns_name =
system evt_resolve_ad_obj = 0
system host = fozzie
TA-DomainC index = msad
TA-DomainC interval = 300
TA-DomainC source = Powershell
TA-DomainC sourcetype = MSAD:NT6:Replication
TA-DomainC [script://C:\Program Files\splunk\etc\apps\TA-DomainController-NT6\bin\runpowershell.cmd siteinfo.ps1]
system _rcvbuf = 1572864
TA-DomainC disabled = false
Splunk_TA_ evt_dc_name =
Splunk_TA_ evt_dns_name =
system evt_resolve_ad_obj = 0
system host = fozzie
TA-DomainC index = msad
TA-DomainC interval = 3600
TA-DomainC source = Powershell
TA-DomainC sourcetype = MSAD:NT6:SiteInfo
system [splunktcp]
system _rcvbuf = 1572864
system acceptFrom = *
system connection_host = ip
Splunk_TA_ evt_dc_name =
Splunk_TA_ evt_dns_name =
system evt_resolve_ad_obj = 0
system host = fozzie
system index = default
system route = has_key:_replicationBucketUUID:replicationQueue;has_key:_dstrx:typingQueue;has_key:_linebreaker:indexQueue;absent_key:_linebreaker:parsingQueue
system [tcp]
system _rcvbuf = 1572864
system acceptFrom = *
system connection_host = dns
Splunk_TA_ evt_dc_name =
Splunk_TA_ evt_dns_name =
system evt_resolve_ad_obj = 0
system host = fozzie
system index = default
system [udp]
system _rcvbuf = 1572864
system connection_host = ip
Splunk_TA_ evt_dc_name =
Splunk_TA_ evt_dns_name =
system evt_resolve_ad_obj = 0
system host = fozzie
system index = default


bmacias84
Champion

This is a non-issue. I removed the `[script://C:\Program Files\splunk\bin\scripts\splunk-perfmon.path]` stanza and used only the `[perfmon://...]` inputs.


bmacias84
Champion

This is a non-issue. I removed the `[script://C:\Program Files\splunk\bin\scripts\splunk-perfmon.path]` stanza and used only the `[perfmon://...]` inputs.


mmattek
Path Finder

I have the same problem, but I don't understand your answer.
