Re: Fully disable perfmon

mavilla · ‎01-23-2020

Hello all,

I am trying to fully disable perfmon from our splunk instance as we don not use this data to monitor any of the hosts. I have disabled the setting in Splunk Web and have the data is still there when I run the query to search for perfmon data. I've read on older posts on how to disable this feature, however, I do not have the Splunk_TA for windows folder as I've never had the app to use the perfmon data. Any other guidance on how to fully disable this feature?

Thanks

jscraig2006 · ‎01-23-2020

Are there UF that have the app installed? Also you might want to check SPLUNK_HOME/etc/system/local. If there is an inputs.conf with the stanza's in there.

mavilla · ‎01-23-2020

there shouldn't be any UF with the app installed no

jscraig2006 · ‎01-23-2020

Sorry i edited my comment as you posted.. check SPLUNK_HOME/etc/system/local. If there is an inputs.conf with the stanza's in there

mavilla · ‎01-23-2020

there is not a stanza for this in that file

jscraig2006 · ‎01-23-2020

do you have the Splunk_TA_microsoft_ad app installed? Run this command on on of the universal forwarder that is sending the data.

.\splunk.exe cmd btool inputs list --debug

mavilla · ‎01-24-2020

I do not have this app installed either

Fully disable perfmon

Index This | I’m short for "configuration file.” What am I?

New Articles from Academic Learning Partners, Help Expand Lantern’s Use Case Library, ...

Your Guide to SPL2 at .conf24!