Hi Splunkers,
Is there any way to get rid of this knonw issue on Stream app ?
Currently, I'm collecting DNS logs via Stream App on windows servers and streamfw.exe stopping without any reason somehow but UF is still running. This is a known issue written in the Stream docs.
When I dig into the internal logs and server logs, I couldn't find any related logs.
now, I wrote a py to add a new txt file on Deployment server and reload the class then erase it for every 12 hours.
this is my little workaround but Its not efficient, I can't know when they stops streaming and it means losing data till UFs restart time.
Do you guys any other workaround for that ?
the known issue is;
Windows: Capture stops with "pcap_loop returned error code -1 read error: PacketReceivePacket failed; network capture stopped" and isn't restarted
Workaround:
Manually re-configure streams for the forwarder to resume or restart Splunk Forwarder service in Windows
