All Apps and Add-ons

How do I disable monitor input?


Hi team

i am trying to disable monitor input from Splunk TA Office 365 through the CLI command.

content_type = Audit.General
index = idx_acp_azure_ad
interval = 660
tenant_name = Office365_ACP
start_by_shell = false
disabled = 0

Splunk edit monitor splunk_ta_o365_management_activity://ACP_General_Audit -disabled 1

but, splunk shows me an error

Cannot edit input "/opt/splunk/etc/apps/splunk_ta_o365/local/splunk_ta_o365_management_activity:/ACP_General_Audit", no input exists with that name.

How can i disable this input??


0 Karma

Path Finder


splunk edit monitor CLI edits monitored directory inputs.

The input in the Splunk Add-on for Microsoft Office 365 is a modular input, not a monitor input. So you can not use splunk edit monitor to disable it.

To disable it, there are three ways:
1. you can open the inputs.conf and put disabled=1 under the stanza
2. go to the Web UI -> Settings - Data Inputs -> Microsoft Office 365 Message Trace -> Disable
3. go to the Web UI then go to the Microsoft Office 365 Reporting Add-on for Splunk -> Inputs -> Action -> Disable

Hope it helps.

0 Karma
Get Updates on the Splunk Community!

Your Guide to SPL2 at .conf24!

So, you’re headed to .conf24? You’re in for a good time. Las Vegas weather is just *chef’s kiss* beautiful in ...

Get ready to show some Splunk Certification swagger at .conf24!

Dive into the deep end of data by earning a Splunk Certification at .conf24. We're enticing you again this ...

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Now On-Demand Join us to learn more about how you can leverage Service Level Objectives (SLOs) and the new ...