Splunk Enterprise

How to remove a linux server from SplunkLight search

danieljoleary
New Member

Hello,

I have a server which I no longer want included in my Splunk Search. The context for this is AWS where we are bringing up new servers and decommission existing servers in a blue/green deployment style. We would like to execute a script on the servers to be decommissioned so that they no longer participate in our Splunk configuration.

Here are the commands I use to add a server to our Splunk configuration:

/opt/splunkforwarder/bin/splunk start --accept-license --answer-yes --no-prompt
/opt/splunkforwarder/bin/splunk install app packages/splunkclouduf.spl -auth admin:$SPLUNK_PASSWORD
/opt/splunkforwarder/bin/splunk set deploy-poll input-prd-p-qhc9rkr77cz2.cloud.splunk.com:8089
/opt/splunkforwarder/bin/splunk restart
/opt/splunkforwarder/bin/splunk enable boot-start

What are the commands to remove the server from our Splunk configuration?

Is it as simple as:
/opt/splunkforwarder/bin/splunk stop

Labels (1)
Tags (1)
0 Karma

ivanreis
Builder

If you want to remove splunk agent from your server
1 - If you configured the universal forwarder to start on boot, remove it from your boot scripts before you uninstall.
./splunk disable boot-start

2 - Stop the forwarder
/splunk stop

check this document for further information
https://docs.splunk.com/Documentation/Forwarder/7.3.2/Forwarder/Uninstalltheuniversalforwarder#Prere...

Plus this process, you can blacklist the servers you want to remove on the deployment server accessing the server_class they were setup to. So you can guarantee if someone start the splunk service, splunk will not receive new data.

0 Karma
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...