Settings > Data Inputs > [Data Input] > Disable button
You'll normally find it under
Files & Directories after
Data Inputs, but it depends on how you set it up
Is the data internal (index=_*) or custom data inputs?
If this is a remote machine, you can simply turn off the
SplunkForwarder service. If you need Splunk to continue running (if it's a part of SplunkD aka the full Splunk instance), add this line to
$SPLUNK_HOME\etc\system\local\inputs.conf to disable all monitoring:
[default] disabled = true
I'm replying to your other comment since it has more information.
I'm not sure what you are asking, but you can probably start here: https://docs.splunk.com/Documentation/Splunk/latest/Admin/inputsConf
By default, Splunk only monitors itself. If you want that turned off, you can just stop the splunk instance by running:
Are you on Linux or Windows?
The indexing is what I do not understand. With Splunk open and no searches entered, the What to Search box continues to index events. Every few seconds the number of indexed events continues to go up.
So as long as Splunk is open it is collecting data from sources?