Getting Data In

Stop Splunk Forwarder when log limit reached

nebel
Communicator

Hi there,

is there a way to stop a Splunk Forwarder when its sending more then for instance 2 GB ?
From a SearchHead I could configure an alert which appear if a Forwarder logs more than 2 GB. But after appearing the alert, is there a way to stop the Splunk Forwarder deamon via REST API or start a other script which can stop the Forwarder via Port 8089 ?
The problem is I just can reach the known ports, I can not access via SSH to the Forwarders.

Thank you

Regards

Tags (2)
0 Karma
1 Solution

nebel
Communicator

Hi,

I solved the problem with using limits.conf (max troughput).

greetings

View solution in original post

0 Karma

nebel
Communicator

Hi,

I solved the problem with using limits.conf (max troughput).

greetings

0 Karma
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Introducing ITSI 5.0: Unified Visibility and Actionable Insights

Introducing ITSI 5.0: Unified Visibility and Actionable Insights Tuesday, July 21, 2026  |  10:00AM PT / ...

Inside Splunk Agent Observability: Understanding Agent Behavior, Tokens & Costs

Inside Splunk Agent Observability:Understanding Agent Behavior, Tokens & Costs Thursday, August 06, ...

From Data to Insight: Announcing the Winners of the Splunk Dashboard Contest

Hi Splunkers, First off, thank you to everyone who participated in our very first From Data to Insight: The ...