Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Getting Data In
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Splunk Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- splunk-winprintmon.exe splunk-winPrintMon - monito...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
splunk-winprintmon.exe splunk-winPrintMon - monitorHost::ProcessRefresh: Failed ProcessRefresh: error = '0x800706ba'.
edoardo_vicendo
Contributor
03-14-2024
03:21 AM
Hello,
We have around 10K events per hour on _internal index from a Splunk UF 9.1.2 installed on a Windows 10 22H2 machine (build 19045.3930).
I know the problem is that the Printer service is disabled, the question is why Splunk UF is not trying to check WinPrintMon every 600 seconds as per inputs.conf
Here seems the reason, why is ignoring the interval parameter?
03-14-2024 11:02:02.900 +0100 INFO ExecProcessor [4212 ExecProcessor] - Ignoring parameter "interval" for modular input "WinPrintMon" when scheduling the runtime for script=""C:\Program Files\SplunkUniversalForwarder\bin\scripts\splunk-winprintmon.path"". This means potentially Splunk won't be restarting it in case it gets terminated.
Here the logs in _internal index (around 180 per minutes, so 3 times per second)
03-14-2024 10:30:23.470 +0100 ERROR ExecProcessor [7088 ExecProcessor] - message from ""C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"" splunk-winPrintMon - monitorHost::ProcessRefresh: Failed ProcessRefresh: error = '0x800706ba'. Restart.
03-14-2024 10:30:23.470 +0100 ERROR ExecProcessor [7088 ExecProcessor] - message from ""C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"" splunk-winPrintMon - monitorHost::ProcessRefresh: Failed ProcessRefresh: error = '0x800706ba'. Restart.
03-14-2024 10:30:22.932 +0100 ERROR ExecProcessor [7088 ExecProcessor] - message from ""C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"" splunk-winPrintMon - monitorHost::ProcessRefresh: Failed ProcessRefresh: error = '0x800706ba'. Restart.
03-14-2024 10:30:22.707 +0100 ERROR ExecProcessor [7088 ExecProcessor] - message from ""C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"" splunk-winPrintMon - monitorHost::ProcessRefresh: Failed ProcessRefresh: error = '0x800706ba'. Restart.
03-14-2024 10:30:22.407 +0100 ERROR ExecProcessor [7088 ExecProcessor] - message from ""C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"" splunk-winPrintMon - monitorHost::ProcessRefresh: Failed ProcessRefresh: error = '0x800706ba'. Restart.
Here inputs.conf
###### Print monitoring ######
[WinPrintMon://printer]
type = printer
interval = 600
baseline = 1
disabled = 0
index=idx_xxxx_windows
[WinPrintMon://job]
type = job
interval = 600
baseline = 1
disabled = 0
index=idx_xxxx_windows
[WinPrintMon://driver]
type = driver
interval = 600
baseline = 1
disabled = 0
index=idx_xxxx_windows
[WinPrintMon://port]
type = port
interval = 600
baseline = 1
disabled = 0
index=idx_xxxx_windows
Thanks a lot,
Edaordo
Get Updates on the Splunk Community!
Index This | I’m short for "configuration file.” What am I?
May 2024 Edition
Hayyy Splunk Education Enthusiasts and the Eternally Curious!
We’re back with a Special ...
New Articles from Academic Learning Partners, Help Expand Lantern’s Use Case Library, ...
Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...
Your Guide to SPL2 at .conf24!
So, you’re headed to .conf24? You’re in for a good time. Las Vegas weather is just *chef’s kiss* beautiful in ...
