Universal forwarder on Windows to monitor a single...

bvoros · ‎11-28-2013

Hello All,

I want to set up the universal forwarder on a Windows machine to monitor a single folder without it sending event logs and any other data.

I have just set it up, only entered the folder I want to be monitored but it still sends in heaps of event logs and other stuff I dont want to collect.
How do I turn that off?

So again only the monitored folder, nothing else.

Thanks and best regards,
Bertalan

yannK · ‎11-28-2013

Just purged the unwanted data out of the index, it was stuff collected by the mandatory Windows Technology add on despite not having checked any of the check boxes

Yes, this is happening during the splunk6 install, and the app comes with inputs enabled by default 😞
A solution is to delete the windows TA app from $SPLUNK_HOME\etc\apps\, and restart splunk.

bvoros · ‎11-28-2013

The quick fix is using version 5.

bvoros · ‎11-28-2013

Just purged the unwanted data out of the index, it was stuff collected by the mandatory Windows Technology add on despite not having checked any of the check boxes.

I am using Splunk 6.

lukejadamec · ‎11-28-2013

Can you list the sourcetypes of data coming from the host?

Universal forwarder on Windows to monitor a single folder, nothing else

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life