Getting Data In

WMI:WinEventLog:Security - make it stop

Contributor

Hey all,

How do I turn off the local windows splunk server from logging:

S-SPLUNK.domain.com     WMI:WinEventLog:Security    40653200

This is a copy of the index size it's used in 24 hours, which is 40M. -- significant. I want to disable it. Nothing seems to. I've removed the local monitoring, remote monitoring, etc.

Something else is keeping this active that I cannot see in the GUI, I believe.

Tags (2)
0 Karma
1 Solution

Motivator

do you have a wmi.conf somewhere in splunk ? if yes just rename it wmi.conf.old

View solution in original post

0 Karma

Motivator

do you have a wmi.conf somewhere in splunk ? if yes just rename it wmi.conf.old

View solution in original post

0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!