How do I disable this app without losing data? This app has hijacked my syslog, that was configured to go into a different index. I want my syslog back. Also, it only works with specific FiOS equipment. It should better named to avoid this confusion. Nothing on the main page specified FiOS only.
Hi AzJimbo,
either set in the apps local
directory, in the app.conf
file:
[install]
state = disabled
and restart Splunk or go inside the UI to
http[s]://Yoursplunkserver:[yourport]/manager/search/apps/local
and click on disable
on the apps line.
hope this helps ...
cheers, MuS
Hi AzJimbo,
either set in the apps local
directory, in the app.conf
file:
[install]
state = disabled
and restart Splunk or go inside the UI to
http[s]://Yoursplunkserver:[yourport]/manager/search/apps/local
and click on disable
on the apps line.
hope this helps ...
cheers, MuS
Thanks MuS - The disable in the UI wasn't enabled. I figured it out - I had to go into the data input and repoint the syslog inputs (UDP & TCP) back to the main index. Luckily, my custom field extractions were re-enabled. Once I repointed the data inputs, the 'disable' option in the apps tab was there.