Re: Fully disable perfmon

mavilla · ‎01-23-2020

Hello all,

I am trying to fully disable perfmon from our splunk instance as we don not use this data to monitor any of the hosts. I have disabled the setting in Splunk Web and have the data is still there when I run the query to search for perfmon data. I've read on older posts on how to disable this feature, however, I do not have the Splunk_TA for windows folder as I've never had the app to use the perfmon data. Any other guidance on how to fully disable this feature?

Thanks

jscraig2006 · ‎01-23-2020

Are there UF that have the app installed? Also you might want to check SPLUNK_HOME/etc/system/local. If there is an inputs.conf with the stanza's in there.

mavilla · ‎01-23-2020

there shouldn't be any UF with the app installed no

jscraig2006 · ‎01-23-2020

Sorry i edited my comment as you posted.. check SPLUNK_HOME/etc/system/local. If there is an inputs.conf with the stanza's in there

mavilla · ‎01-23-2020

there is not a stanza for this in that file

jscraig2006 · ‎01-23-2020

do you have the Splunk_TA_microsoft_ad app installed? Run this command on on of the universal forwarder that is sending the data.

.\splunk.exe cmd btool inputs list --debug

mavilla · ‎01-24-2020

I do not have this app installed either

Fully disable perfmon

Splunk Search APIを使えば調査過程が残せます

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!

Join the Conversation

Fully disable perfmon

Splunk Search APIを使えば調査過程が残せます

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!