Solved: Huge logs not getting stopped

udayk1 · ‎04-30-2014

We have one server which sends many logs say per hour 4000 logs which are not required i.e. event ID of 560 and 562. As we don't want these logs we have disabled the auditing in the respective server, since it was of no luck we were still receiving the logs.
Post which we disabled and uninstalled Splunk Forwarder, uninstalled the respective software which sends logs to Splunk and also we are seeing huge logs of that particular server. Anywhere else we need to disable?

udayk1 · ‎05-01-2014

This has been solved.

View solution in original post

splunker12er · ‎05-04-2014

Not at all possible. when a software doesnt exit/uninstalled how can it do its job ?!

udayk1 · ‎05-01-2014

This has been solved.

davidpaper · ‎05-04-2014

What was the solution?

Ayn · ‎05-01-2014

Do you mean that you're still seeing new events from this server despite that you have inactivated these events and also uninstalled the forwarder there? That seems...highly unlikely unless you did something seriously wrong...

udayk1 · ‎04-30-2014

Sorry it is not 4000 per hour, it is per minute

Huge logs not getting stopped

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!