Hopefully, an easy question here.
Just set up a universal forwarder on my Linux machine. I installed it just fine and did a test by specifying a monitor of /var/log/secure, just to ensure everything works.
Well it does perfectly.
My question now is, how do I delete that monitor? I was looking at the inputs.conf and outputs.conf in 'local' (says to leave the defaults alone), but I don't see anything in there.
Am I missing something?
Also, is there a way to list the monitors you have set up using the CLI?
Thx
For listing inputs from the CLI, you can use this:
./bin/splunk cmd btool inputs list
or this:
./bin/splunk list monitor
For deleting a monitor, either delete or comment out the stanza from inputs.conf (if the file in local says to be left alone, someone probably copied over the file from defaults including that notice) or use the CLI:
./bin/splunk remove monitor "path goes here"
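When the stanza is not in the inputs.conf you first looked at, it can help to see which file under etc/ actually defines each monitor. The script below is an added example, not part of the original answer: `find_monitor_stanzas` and `make_sample_tree` are hypothetical helper names, and the directory tree and file contents it writes are constructed sample data.

```shell
#!/bin/sh
# Added example: list every active [monitor://...] stanza under a Splunk
# etc/ tree, with the inputs.conf that defines it and its disabled state.
# Output: file<TAB>monitored path<TAB>enabled|disabled

find_monitor_stanzas() {
    # $1 = path to the etc/ directory, e.g. "$SPLUNK_HOME/etc"
    find "$1" -type f -name inputs.conf | sort | while IFS= read -r conf; do
        awk -v file="$conf" '
            function emit() {
                if (path != "") printf "%s\t%s\t%s\n", file, path, state
            }
            /^[ \t]*#/ { next }              # commented-out lines are inactive
            /^[ \t]*\[/ {                    # any stanza header ends the previous one
                emit(); path = ""; state = "enabled"
                if ($0 ~ /^[ \t]*\[monitor:\/\//) {
                    path = $0
                    sub(/^[ \t]*\[monitor:\/\//, "", path)
                    sub(/\][ \t]*$/, "", path)
                }
                next
            }
            path != "" && /^[ \t]*disabled[ \t]*=[ \t]*(1|true)[ \t]*$/ {
                state = "disabled"
            }
            END { emit() }
        ' "$conf"
    done
}

# Constructed sample tree: the monitor lives in an app's local directory,
# not in system/local, and one stanza is commented out.
make_sample_tree() {
    mkdir -p "$1/system/local" "$1/apps/search/local"
    printf '[default]\nhost = fwd01\n' > "$1/system/local/inputs.conf"
    printf '%s\n' '[monitor:///var/log/secure]' 'disabled = false' \
        '# [monitor:///var/log/old]' '[monitor:///var/log/messages]' \
        'disabled = 1' > "$1/apps/search/local/inputs.conf"
}

# Scan a real tree when a path is given on the command line.
if [ $# -gt 0 ]; then
    find_monitor_stanzas "$1"
fi
```

Run it with the forwarder's etc/ directory as the only argument; each output line names the file to edit for that monitor.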