All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How do I disable monitor input?

evinasco
Communicator
‎10-22-2018 11:36 AM

Hi team

i am trying to disable monitor input from Splunk TA Office 365 through the CLI command.

[splunk_ta_o365_management_activity://ACP_General_Audit]
content_type = Audit.General
index = idx_acp_azure_ad
interval = 660
tenant_name = Office365_ACP
start_by_shell = false
disabled = 0

Splunk edit monitor splunk_ta_o365_management_activity://ACP_General_Audit -disabled 1

but, splunk shows me an error

Cannot edit input "/opt/splunk/etc/apps/splunk_ta_o365/local/splunk_ta_o365_management_activity:/ACP_General_Audit", no input exists with that name.

How can i disable this input??

Regards

0 Karma
Reply

lqiao2
Path Finder
‎10-22-2018 12:17 PM

Hi,

splunk edit monitor CLI edits monitored directory inputs.

The input in the Splunk Add-on for Microsoft Office 365 is a modular input, not a monitor input. So you can not use splunk edit monitor to disable it.

To disable it, there are three ways:
1. you can open the inputs.conf and put disabled=1 under the stanza
2. go to the Web UI -> Settings - Data Inputs -> Microsoft Office 365 Message Trace -> Disable
3. go to the Web UI then go to the Microsoft Office 365 Reporting Add-on for Splunk -> Inputs -> Action -> Disable

Hope it helps.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Index This | What travels the world but is also stuck in place?

April 2026 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Realizing the full potential of your Splunk investment requires more than just understanding current usage; it ...

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

As data volumes continue to grow and environments become more distributed, managing and optimizing data ...