Re: How to disable processes run frequently by Spl... - Page 2

lrhazi · ‎03-21-2017

I see that these commands are executed every minute:

splunk-powershell.exe
splunk-winprintmon.exe
splunk-regmon.exe
splunk-netmon.exe
splunk-admon.exe
splunk-MonitorNoHandle.exe

The first one actually twice per minute.

Is there a way to disable these? are these some scripted inputs? I cannot locate them in the config.

I tried adding this for example to my config, but did not seem to change the anything:

[WinNetMon]
disabled = 1
[WinPrintMon]
disabled = 1
[WinRegMon]
disabled = 1

lrhazi · ‎03-21-2017

C:\Program Files\SplunkUniversalForwarder\bin>.\splunk version
Splunk Universal Forwarder 6.5.1 (build f74036626f0c)

lrhazi · ‎03-21-2017

I did add Splunk_TA_windows app, but then realized that even if I remove it and restart the service, these programs continue to run just as frequently....

mattymo · ‎03-21-2017

yeah it looks as if the process spins up just to realize it doesn't have to run.

- MattyMo

lrhazi · ‎03-21-2017

That would makes sense indeed. Thanks.
I hope someone figured out how to disable this behavior...

How to disable processes run frequently by Splunk universal forwarder?

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms