Hey all,
How do I turn off the local windows splunk server from logging:
S-SPLUNK.domain.com WMI:WinEventLog:Security 40653200
This is a copy of the index size it's used in 24 hours, which is 40M. -- significant. I want to disable it. Nothing seems to. I've removed the local monitoring, remote monitoring, etc.
Something else is keeping this active that I cannot see in the GUI, I believe.
do you have a wmi.conf somewhere in splunk ? if yes just rename it wmi.conf.old
do you have a wmi.conf somewhere in splunk ? if yes just rename it wmi.conf.old