New to Splunk, I set the local machine as source.
So how do I edit/remove sources, including local machine?
Thanks in advance.
You can hardcode any values that you like in the inputs.conf
file on the forwarder. To change the host
value, just add this:
host = <value that you prefer>
It is very unclear what you really mean/need.
Woodcock:
Splunk was installed on my laptop.
Settings - Add Data - Monitor - Local Windows host monitoring.
How do I disable local Windows host monitoring?
Settings > Data Inputs > [Data Input] > Disable button
You'll normally find it under Files & Directories
after Data Inputs
, but it depends on how you set it up
Where is the forwarder found on the local machine?
Is the data internal (index=_*) or custom data inputs?
If this is a remote machine, you can simply turn off the SplunkForwarder
service. If you need Splunk to continue running (if it's a part of SplunkD aka the full Splunk instance), add this line to $SPLUNK_HOME\etc\system\local\inputs.conf
to disable all monitoring:
[default]
disabled = true
Thank you Jacob, but I am not sure where to find "data internal (index=_*) or custom data inputs?" information at.
I'm replying to your other comment since it has more information.
I'm not sure what you are asking, but you can probably start here: https://docs.splunk.com/Documentation/Splunk/latest/Admin/inputsConf
Maybe I am confused as to how Splunk works? Does slunk only access the local system logs when requested?
I thought this was a type of active monitoring, or maybe not?
By default, Splunk only monitors itself. If you want that turned off, you can just stop the splunk instance by running:
$SPLUNK_HOME\bin\splunk stop
Are you on Linux or Windows?
Windows 10.
The indexing is what I do not understand. With Splunk open and no searches entered, the What to Search box continues to index events. Every few seconds the number of indexed events continues to go up.
So as long as Splunk is open it is collecting data from sources?
Thank You Jacob.
Splunk is indexing data from the local machine. How do I stop it?
This is a windows 10 machine.