to disable eStreamer input, you have to disable Splunk inputs for this App, there are two ways:
If you receive also logs using syslog, remember to disable this in your CISCO interface.
My goal isn't to disable the input. The input generates log files on its operations as well as indexing data from FireSIGHT. I want the FireSIGHT data, but not the hundreds of megs of the inputs operational logs...
you have to chose the logs you want to discard, find the correct regex and then filter your data using the regex:
[your_sourcetype] TRANSFORMS-null= setnull
[setnull] REGEX = your_regex DEST_KEY = queue FORMAT = nullQueue
and restart Splunk