Getting Data In
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- splunkd.log error : GetInt64Val: ldap_get_values e...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
splunkd.log error : GetInt64Val: ldap_get_values error
CSabhaya
Engager
03-17-2014
02:59 PM
I am constantly getting the following message from splunk forwarder splunkd.log
03-17-2014 11:38:28.245 -0700 WARN ExecProcessor - message from ""C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"" splunk-regmon - SysmonMigrator::read - 'sysmon.conf' was not found, no migration is required.
03-17-2014 11:58:32.247 -0700 ERROR ExecProcessor - message from ""C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"" splunk-admon - AdQuery::GetInt64Val: ldap_get_values error
03-17-2014 11:58:32.247 -0700 ERROR ExecProcessor - message from ""C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"" splunk-admon - AdQuery::ProcessMessage: Cannot get uSNChanged from message.
03-17-2014 11:58:32.247 -0700 ERROR ExecProcessor - message from ""C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"" splunk-admon - AdQuery::GetInt64Val: ldap_get_values error
03-17-2014 11:58:32.247 -0700 ERROR ExecProcessor - message from ""C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"" splunk-admon - AdQuery::ProcessMessage: Cannot get uSNChanged from message.
03-17-2014 12:01:17.610 -0700 ERROR ExecProcessor - message from ""C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"" splunk-admon - AdQuery::GetInt64Val: ldap_get_values error
03-17-2014 12:01:17.610 -0700 ERROR ExecProcessor - message from ""C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"" splunk-admon - AdQuery::ProcessMessage: Cannot get uSNChanged from message.
03-17-2014 12:12:15.646 -0700 ERROR ExecProcessor - message from ""C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"" splunk-admon - AdQuery::GetInt64Val: ldap_get_values error
03-17-2014 12:12:15.646 -0700 ERROR ExecProcessor - message from ""C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"" splunk-admon - AdQuery::ProcessMessage: Cannot get uSNChanged from message.
03-17-2014 12:15:01.594 -0700 ERROR ExecProcessor - message from ""C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"" splunk-admon - AdQuery::GetInt64Val: ldap_get_values error
03-17-2014 12:15:01.594 -0700 ERROR ExecProcessor - message from ""C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"" splunk-admon - AdQuery::ProcessMessage: Cannot get uSNChanged from message.
03-17-2014 12:15:01.594 -0700 ERROR ExecProcessor - message from ""C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"" splunk-admon - AdQuery::GetInt64Val: ldap_get_values error
03-17-2014 12:15:01.594 -0700 ERROR ExecProcessor - message from ""C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"" splunk-admon - AdQuery::ProcessMessage: Cannot get uSNChanged from message.
03-17-2014 12:16:33.793 -0700 ERROR ExecProcessor - message from ""C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"" splunk-admon - AdQuery::GetInt64Val: ldap_get_values error
03-17-2014 12:16:33.793 -0700 ERROR ExecProcessor - message from ""C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"" splunk-admon - AdQuery::ProcessMessage: Cannot get uSNChanged from message.
03-17-2014 12:18:02.373 -0700 ERROR ExecProcessor - message from ""C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"" splunk-admon - AdQuery::GetInt64Val: ldap_get_values error
03-17-2014 12:18:02.373 -0700 ERROR ExecProcessor - message from ""C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"" splunk-admon - AdQuery::ProcessMessage: Cannot get uSNChanged from message.
03-17-2014 12:18:02.373 -0700 ERROR ExecProcessor - message from ""C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"" splunk-admon - AdQuery::GetInt64Val: ldap_get_values error
03-17-2014 12:18:02.373 -0700 ERROR ExecProcessor - message from ""C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"" splunk-admon - AdQuery::ProcessMessage: Cannot get uSNChanged from message.
03-17-2014 12:20:46.566 -0700 INFO WatchedFile - Logfile truncated while open, original pathname file='C:\Users\rq113d\Desktop\test1\IVTRUpdateLog_2014-03-16 20-101.txt', will begin reading from start.
03-17-2014 12:24:25.501 -0700 ERROR ExecProcessor - message from ""C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"" splunk-admon - AdQuery::GetInt64Val: ldap_get_values error
03-17-2014 12:24:25.501 -0700 ERROR ExecProcessor - message from ""C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"" splunk-admon - AdQuery::ProcessMessage: Cannot get uSNChanged from message.
03-17-2014 12:24:25.501 -0700 ERROR ExecProcessor - message from ""C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"" splunk-admon - AdQuery::GetInt64Val: ldap_get_values error
03-17-2014 12:24:25.501 -0700 ERROR ExecProcessor - message from ""C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"" splunk-admon - AdQuery::ProcessMessage: Cannot get uSNChanged from message.
03-17-2014 12:39:50.170 -0700 ERROR ExecProcessor - message from ""C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"" splunk-admon - AdQuery::GetInt64Val: ldap_get_values error
Is anyone having similar issue? what this error indicates. Any suggestions?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
e2eadmin
Explorer
01-07-2015
09:16 AM
Was there ever an answer to this? I am having the same problem. Thanks.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ccraft_splunk
Splunk Employee
06-20-2016
08:00 PM
Has there been answer found out for this? I am having the same problem?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
stefan1988
Path Finder
02-02-2017
12:18 AM
I'm getting the same message
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
davidboose
Engager
02-03-2017
12:16 PM
bump
we are too
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
adhoke_splunk
Splunk Employee
02-03-2017
03:09 PM
can you check inputs.conf and admon.conf to see that stanzas not configured by you are set to 'disabled=1'
This error shows up because Active Directory query is not returning required values.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ankeetashet
Engager
10-09-2014
08:26 AM
We are facing a similar issue as well. We are trying to read windows event logs from a machine which has a Splunk forwarder installed version 5.0.1. The inputs.conf file is as below:
[WinEventLog://Application]
checkpointInterval = 5
current_only = 0
disabled = 0
index = mag_nprod
start_from = oldest
[WinEventLog://System]
checkpointInterval = 5
current_only = 0
disabled = 0
index = mag_nprod
start_from = oldest
The following error message is present in the Splunkd logs:
10-09-2014 15:47:22.660 +0100 ERROR ExecProcessor - message from "E:\tools\SplunkForwarder\bin\splunk-admon.exe" splunk-admon - AdQuery::ProcessMessage: Cannot get uSNChanged from message.
10-09-2014 15:47:22.660 +0100 ERROR ExecProcessor - message from "E:\tools\SplunkForwarder\bin\splunk-admon.exe" splunk-admon - AdQuery::ProcessMessage: Cannot get uSNChanged from message.
10-09-2014 15:47:19.034 +0100 ERROR ExecProcessor - message from "E:\tools\SplunkForwarder\bin\splunk-admon.exe" splunk-admon - AdQuery::ProcessMessage: Cannot get uSNChanged from message.
10-09-2014 15:47:18.409 +0100 ERROR ExecProcessor - message from "E:\tools\SplunkForwarder\bin\splunk-admon.exe" splunk-admon - AdQuery::ProcessMessage: Cannot get uSNChanged from message.
10-09-2014 15:46:51.783 +0100 ERROR ExecProcessor - message from "E:\tools\SplunkForwarder\bin\splunk-admon.exe" splunk-admon - AdQuery::ProcessMessage: Cannot get uSNChanged from message.
10-09-2014 15:46:27.158 +0100 ERROR ExecProcessor - message from "E:\tools\SplunkForwarder\bin\splunk-admon.exe" splunk-admon - AdQuery::ProcessMessage: Cannot get uSNChanged from message.
Any suggestions please?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
season88481
Contributor
02-27-2017
07:37 PM
I got this error as well:
10-09-2014 15:46:27.158 +0100 ERROR ExecProcessor - message from "E:\tools\SplunkForwarder\bin\splunk-admon.exe" splunk-admon - AdQuery::ProcessMessage: Cannot get uSNChanged from message.
Had checked the \bin directory, the splunk-admon.exe is not missing.
Not sure what to do next though.
Get Updates on the Splunk Community!
The All New Performance Insights for Splunk
Splunk gives you amazing tools to analyze system data and make business-critical decisions, react to issues, ...
Good Sourcetype Naming
When it comes to getting data in, one of the earliest decisions made is what to use as a sourcetype. Often, ...
See your relevant APM services, dashboards, and alerts in one place with the updated ...
As a Splunk Observability user, you have a lot of data you have to manage, prioritize, and troubleshoot on a ...
