All Apps and Add-ons

Splunk App for Unix and Linux: How to ignore the logs of my single instance?

paola92
Explorer

I have a single instance in CentOS 7 and I am interested in receiving and analyzing logs of my Linux server. But when I installed the Splunk App for Unix and Linux in my single instance, I exceeded my license because I received all logs of my Splunk. So I need to know, how to ignore the logs of my single instance Splunk?

0 Karma
1 Solution

somesoni2
SplunkTrust
SplunkTrust

The unix app will have an inputs.conf in it (look at location $Splunk_Home/etc/apps/splunk_app_for_nix/local). YOu can disable inputs by setting disabled = 1 for all the input stanza you want to disable. YOu can also do the same via Splunk Web UI (from Settings->Data Inputs or from the app itself).

View solution in original post

0 Karma

somesoni2
SplunkTrust
SplunkTrust

The unix app will have an inputs.conf in it (look at location $Splunk_Home/etc/apps/splunk_app_for_nix/local). YOu can disable inputs by setting disabled = 1 for all the input stanza you want to disable. YOu can also do the same via Splunk Web UI (from Settings->Data Inputs or from the app itself).

0 Karma

paola92
Explorer

But if I disable all inputs I will received logs of the other forwarders?

0 Karma

paola92
Explorer

I disable all inputs but I do not see logs but if I realized a capture with tcpdump i see that the packets is getting in the server.

0 Karma

somesoni2
SplunkTrust
SplunkTrust

Yes... It'll only disable logging for current servers (whose inputs.conf you're updating).

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...