Anyone have the directions handy to disable splunk stream on a particular server? Is it done via the splunk stream app?
I want to disable it in a way that the service will not start up when the server reboots.
This is default group that catches forwarders if no other group matches.
You should create a new group and move your stream setups to new one. Setup match forwarders regex to match only your server that you want. This will be your active configuration point.
Default group should not contain any stream. Your unwanted server will be seen under this default group and does not listen any stream.
You can remove that particular server from Forwarder groups on Splunk Stream App | Distributed Forwarder Management.
Streamfwd service will start but not start listening.
Within the Stream app < configuration < distributed forwarder management < There is a default group and MATCHED FORWARDERS but that link is not editable.
How are you deploying the Splunk Stream app to your servers? Are you using a deployment server? If so, you could try removing your server from the server class that deploys this app. I guess this would uninstall the Splunk Stream app from the server.