All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How do I stop monitoring /etc

lukessi
Path Finder
‎09-10-2019 09:51 AM

We want to stop monitoring of /etc but it seems the /local/inputs.conf is dynamically created. What do I need to do to stop that being monitored.

0 Karma
Reply

diogofgm
SplunkTrust
SplunkTrust
‎09-10-2019 10:06 AM

Thats weird because splunk won't create a local inputs unless you add a new input. Unless you're referring to its own logs. Sure it brings a default inputs targeting its own logs. Are this the one you want to stop monitoring?

Regardless, you can check whatever splunk is applying for all inputs.conf files by using btool.
./splunk btool inputs list --debug

if you want to disable on input that is available in default you can just use the same stanza (e.g [something_something] ) in local inputs.conf with disabled = true

------------
Hope I was able to help you. If so, some karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Did you know that for Splunk Enterprise 9.4, Python 3.9 is the default interpreter? This shift is not just a ...