Solved: Re: "how to cancel the data source"

johnsmithcy · ‎01-17-2019

the host monitoring keep fetching the CPU data.
I want to cancel the date source

dkeck · ‎01-17-2019

Hi,

depending from where you are getting your data you just have to disable the stanza in inputs.conf on your forwarder to stop it from sending.

View solution in original post

MoniM · ‎01-17-2019

Hi @johnsmithcy,

you can use the below command in CLI:-

sourcetype=my_sourcetype | delete
For more details check this http://www.splunk.com/base/Documentation/4.1.1/Admin/RemovedatafromSplunk

johnsmithcy · ‎01-17-2019

thank you. any graphical interface method?
I am using windows version

MoniM · ‎01-18-2019

Okay, so you can delete your sourcetype by following below steps:-
1. login to your splunk instance and goto settings
2. In data, goto sourcetypes and search for your sorectype(which you created for your "CPU" input).
3. delete that sourcetype.

Let me know if it works.

johnsmithcy · ‎01-18-2019

it works, thx

dkeck · ‎01-17-2019

Hi,

depending from where you are getting your data you just have to disable the stanza in inputs.conf on your forwarder to stop it from sending.

johnsmithcy · ‎01-17-2019

i configure it through "add data"--> "monitor" --> local performance monitoring

dkeck · ‎01-17-2019

Then try to find it under settings-> data inputs -> local Windows or local perfomance monitoring 🙂 than click delete or disable

"how to cancel the data source"

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?