Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk Stream TA stops streamfwd

skywalker
Observer
‎11-10-2020 06:46 AM

Hi Splunkers,

Is there any way to get rid of this knonw issue on Stream app ? 

Currently, I'm collecting DNS logs via Stream App on windows servers and streamfw.exe stopping without any reason somehow but UF is still running. This is a known issue written in the Stream docs.

When I dig into the internal logs and server logs, I couldn't find any related logs. 

now, I wrote a py to add a new txt file on Deployment server and reload the class then erase it for every 12 hours.

this is my little workaround but Its not efficient, I can't know when  they stops streaming and it means losing data till UFs restart time. 

Do you guys any other workaround for that ? 

 

the known issue is;

Windows: Capture stops with "pcap_loop returned error code -1 read error: PacketReceivePacket failed; network capture stopped" and isn't restarted

Workaround:
Manually re-configure streams for the forwarder to resume or restart Splunk Forwarder service in Windows

 

 

 

Labels (3)
Tags (2)
0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...