All Apps and Add-ons

How do I disable monitor input?

evinasco
Communicator

Hi team

i am trying to disable monitor input from Splunk TA Office 365 through the CLI command.

[splunk_ta_o365_management_activity://ACP_General_Audit]
content_type = Audit.General
index = idx_acp_azure_ad
interval = 660
tenant_name = Office365_ACP
start_by_shell = false
disabled = 0

Splunk edit monitor splunk_ta_o365_management_activity://ACP_General_Audit -disabled 1

but, splunk shows me an error

Cannot edit input "/opt/splunk/etc/apps/splunk_ta_o365/local/splunk_ta_o365_management_activity:/ACP_General_Audit", no input exists with that name.

How can i disable this input??

Regards

0 Karma

lqiao2
Path Finder

Hi,

splunk edit monitor CLI edits monitored directory inputs.

The input in the Splunk Add-on for Microsoft Office 365 is a modular input, not a monitor input. So you can not use splunk edit monitor to disable it.

To disable it, there are three ways:
1. you can open the inputs.conf and put disabled=1 under the stanza
2. go to the Web UI -> Settings - Data Inputs -> Microsoft Office 365 Message Trace -> Disable
3. go to the Web UI then go to the Microsoft Office 365 Reporting Add-on for Splunk -> Inputs -> Action -> Disable

Hope it helps.

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...