All Apps and Add-ons

How do I stop monitoring /etc

Path Finder

We want to stop monitoring of /etc but it seems the /local/inputs.conf is dynamically created. What do I need to do to stop that being monitored.

0 Karma


Thats weird because splunk won't create a local inputs unless you add a new input. Unless you're referring to its own logs. Sure it brings a default inputs targeting its own logs. Are this the one you want to stop monitoring?

Regardless, you can check whatever splunk is applying for all inputs.conf files by using btool.
./splunk btool inputs list --debug

if you want to disable on input that is available in default you can just use the same stanza (e.g [something_something] ) in local inputs.conf with disabled = true

Hope I was able to help you. If so, some karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

Registration for Splunk University is Now Open!

Are you ready for an adventure in learning?   Brace yourselves because Splunk University is back, and it's ...

Splunkbase | Splunk Dashboard Examples App for SimpleXML End of Life

The Splunk Dashboard Examples App for SimpleXML will reach end of support on Dec 19, 2024, after which no new ...

Understanding Generative AI Techniques and Their Application in Cybersecurity

Watch On-Demand Artificial intelligence is the talk of the town nowadays, with industries of all kinds ...