Solved: Re: disable all inputs

sassens1 · ‎05-12-2017

Hello,

I'd like to disable all the input on the Splunk_TA_microsoft_ad, is there a handy way to do this?
for example a local inputs.conf with

[perfmon:*]
disabled = 1

[powershell:*]
disabled = 1

[script:]
disabled = 1

[WinEventLog:]
disabled = 1

will do the trick?

ckunath · ‎05-12-2017

Hi sassens,

if the stanzas are predefined by the app and disabled is 0 on default, changing them to 1 will do the trick.

ckunath · ‎05-12-2017

Hi sassens,

if the stanzas are predefined by the app and disabled is 0 on default, changing them to 1 will do the trick.

sassens1 · ‎05-12-2017

Hi,

ok regarding the stanzas they are more like
[WinEventLog://Directory Service]
[powershell://AD-Health]
and so on.

I'm not sure about the * and I don't have any server to test so if you can confirm the syntax?
thanks

ckunath · ‎05-12-2017

The correct syntax in that regard would be
[WinEventLog://*]

Don't forget the two forward-slashes before putting the asteriks for all

disable all inputs