As one of our servers is decommissioned, we need to turn off the logging from that particular host. Please kindly help us in doing this.
for temporary turn off the data logging from a particular host, we can turn off the splunk process -
$SPLUNK_HOME/splunk stop
as host is decommissioned, you can uninstall the universal forwarder
If you configured the universal forwarder to start on boot, remove it from your boot scripts before you uninstall.
cd $SPLUNK_HOME
./splunk disable boot-start
Stop the forwarder.
./splunk stop
Uninstall the universal forwarder with your package management utilities
RedHat Linux
rpm -e splunk_product_name
Debian Linux
dpkg -r splunkforwarder
https://docs.splunk.com/Documentation/Forwarder/6.4.3/Forwarder/Uninstalltheuniversalforwarder
One option would to be blacklist the host serverclass.conf on Deployment server so that it doesn't receive any data input configuration and doesn't monitor/logs any data. The decommissioning should take care of the un-install anyways.
for temporary turn off the data logging from a particular host, we can turn off the splunk process -
$SPLUNK_HOME/splunk stop
as host is decommissioned, you can uninstall the universal forwarder
If you configured the universal forwarder to start on boot, remove it from your boot scripts before you uninstall.
cd $SPLUNK_HOME
./splunk disable boot-start
Stop the forwarder.
./splunk stop
Uninstall the universal forwarder with your package management utilities
RedHat Linux
rpm -e splunk_product_name
Debian Linux
dpkg -r splunkforwarder
https://docs.splunk.com/Documentation/Forwarder/6.4.3/Forwarder/Uninstalltheuniversalforwarder
Thanks I did it . logging stopped
Stop Splunk running on the server.