Solved: Re: Huge logs not getting stopped

udayk1 · ‎04-30-2014

We have one server which sends many logs say per hour 4000 logs which are not required i.e. event ID of 560 and 562. As we don't want these logs we have disabled the auditing in the respective server, since it was of no luck we were still receiving the logs.
Post which we disabled and uninstalled Splunk Forwarder, uninstalled the respective software which sends logs to Splunk and also we are seeing huge logs of that particular server. Anywhere else we need to disable?

udayk1 · ‎05-01-2014

This has been solved.

View solution in original post

splunker12er · ‎05-04-2014

Not at all possible. when a software doesnt exit/uninstalled how can it do its job ?!

udayk1 · ‎05-01-2014

This has been solved.

davidpaper · ‎05-04-2014

What was the solution?

Ayn · ‎05-01-2014

Do you mean that you're still seeing new events from this server despite that you have inactivated these events and also uninstalled the forwarder there? That seems...highly unlikely unless you did something seriously wrong...

udayk1 · ‎04-30-2014

Sorry it is not 4000 per hour, it is per minute

Huge logs not getting stopped

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Index This | What travels the world but is also stuck in place?

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

Join the Conversation