Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Stop Splunk Forwarder when log limit reached

nebel
Communicator
‎08-22-2012 01:11 AM

Hi there,

is there a way to stop a Splunk Forwarder when its sending more then for instance 2 GB ?
From a SearchHead I could configure an alert which appear if a Forwarder logs more than 2 GB. But after appearing the alert, is there a way to stop the Splunk Forwarder deamon via REST API or start a other script which can stop the Forwarder via Port 8089 ?
The problem is I just can reach the known ports, I can not access via SSH to the Forwarders.

Thank you

Regards

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

nebel
Communicator
‎08-22-2012 04:01 AM

Hi,

I solved the problem with using limits.conf (max troughput).

greetings

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

nebel
Communicator
‎08-22-2012 04:01 AM

Hi,

I solved the problem with using limits.conf (max troughput).

greetings

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Lantern | Spotlight on Security: Adoption Motions, War Stories, and More

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Splunk Cloud | Empowering Splunk Administrators with Admin Config Service (ACS)

Greetings, Splunk Cloud Admins and Splunk enthusiasts! The Admin Configuration Service (ACS) team is excited ...

Tech Talk | One Log to Rule Them All

One log to rule them all: how you can centralize your troubleshooting with Splunk logs We know how important ...