All Apps and Add-ons

How do I stop monitoring /etc

lukessi
Path Finder

We want to stop monitoring of /etc but it seems the /local/inputs.conf is dynamically created. What do I need to do to stop that being monitored.

0 Karma

diogofgm
SplunkTrust
SplunkTrust

Thats weird because splunk won't create a local inputs unless you add a new input. Unless you're referring to its own logs. Sure it brings a default inputs targeting its own logs. Are this the one you want to stop monitoring?

Regardless, you can check whatever splunk is applying for all inputs.conf files by using btool.
./splunk btool inputs list --debug

if you want to disable on input that is available in default you can just use the same stanza (e.g [something_something] ) in local inputs.conf with disabled = true

------------
Hope I was able to help you. If so, some karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...