Getting Data In

WMI:WinEventLog:Security - make it stop

Contributor

Hey all,

How do I turn off the local windows splunk server from logging:

S-SPLUNK.domain.com     WMI:WinEventLog:Security    40653200

This is a copy of the index size it's used in 24 hours, which is 40M. -- significant. I want to disable it. Nothing seems to. I've removed the local monitoring, remote monitoring, etc.

Something else is keeping this active that I cannot see in the GUI, I believe.

Tags (2)
0 Karma
1 Solution

Motivator

do you have a wmi.conf somewhere in splunk ? if yes just rename it wmi.conf.old

View solution in original post

0 Karma

Motivator

do you have a wmi.conf somewhere in splunk ? if yes just rename it wmi.conf.old

View solution in original post

0 Karma