Re: How to use "remove monitor" to remove security...

aywong · ‎10-17-2012

When I had initiall installed my forwarder I selected "security" as one of my inputs. Now I want to remove this as an input but when I type "list monitor" I don't know which input refers to the security one.

yuvkca4 · ‎02-14-2021

pretty old topic, but might be useful to someone:

$SPLUNK_HOME/etc/apps/search/local/inputs.conf

Mostafiz07 · ‎04-25-2016

By following proper guidelines you can solve your problem.

gebr · ‎07-19-2016

I downvoted this post because not helpful

scuilion · ‎04-25-2016

I downvoted this post because not productive

scuilion · ‎04-25-2016

/bin/splunk remove monitor /name/of/previous/monitor

sdaniels · ‎10-30-2012

Just go to the inputs.conf file on the forwarder and look at the monitor settings. Remove what you don't want from the file and restart Splunk. See the link below.

http://docs.splunk.com/Documentation/Splunk/5.0/Data/Editinputs.conf

sdaniels · ‎11-01-2012

It must be located in another inputs.conf. Take a look at those as well.

http://docs.splunk.com/Documentation/Splunk/5.0/admin/Aboutconfigurationfiles

anoopambli · ‎10-31-2012

I checked inputs.conf file under $SPLUNK_HOME/etc/system/local/ but dont see any reference for Application eventlog. Am i looking at the right inputs.conf file?

anoopambli · ‎10-30-2012

I have the same issue, while installing the forwarder i have selected application and system eventlog as input and now i dont need that anymore. What needs to be done to stop sending the eventlog data to indexer?

How to use "remove monitor" to remove security event logs from my inputs

Splunk Custom Visualizations App End of Life

Introducing Splunk Enterprise 9.2

Adoption of RUM and APM at Splunk