Hello All,
I want to set up the universal forwarder on a Windows machine to monitor a single folder without it sending event logs and any other data.
I have just set it up and only entered the folder I want to be monitored, but it still sends in heaps of event logs and other stuff I don't want to collect.
How do I turn that off?
So again only the monitored folder, nothing else.
Thanks and best regards,
Bertalan
Just purged the unwanted data out of the index; it was stuff collected by the mandatory Windows Technology add-on despite not having checked any of the check boxes.
Yes, this is happening during the Splunk 6 install, and the app comes with inputs enabled by default 😞
A solution is to delete the Windows TA app from $SPLUNK_HOME\etc\apps\, and restart Splunk.
The quick fix is using version 5.
I am using Splunk 6.
Can you list the sourcetypes of data coming from the host?