Stop data collection on Splunk App for Infrastructure
To stop data collection, you can:
- Stop the data collection agents on an entity. Do this if you want to stop data collection temporarily.
- Remove the data collection agents from an entity. Do this if you want to stop data collection permanently.
Follow these steps according to the OS of the entity from which you want to stop collecting data.
You must stop collecting data from an entity before you delete it from the Splunk App for Infrastructure. If you delete an entity but do not stop data collection, the entity will reappear as soon as collectd sends metrics information to the Splunk App for Infrastructure. If you are collecting data from at least 1,000 entities, you must stop sending data from an entity for approximately 10 minutes before you can delete the entity. For every 10,000 entities from which you are collecting data, wait approximately 10 additional minutes before deleting the entity after stopping data collection from it.
Stop data collection on a *nix entity
To stop collecting log data from a *nix entity, see Uninstall the universal forwarder in the Forwarder Manual.
To stop collecting metrics data from an entity in the Splunk App for Infrastructure, you could stop collectd, remove the collectd plug-ins, or remove collectd on your entity.
What you need to stop or remove collectd
The easiest way to stop or remove collectd is with a package manager. The following steps use these package managers according to the entity's operating system:
- OSX: Homebrew (https://brew.sh)
- Centos, Redhat, Fedora: yum (http://yum.baseurl.org)
- SUSE, openSUSE: Zypper (https://en.opensuse.org/Portal:Zypper)
For more information about collectd, see About using collectd.
Stop collectd
Stop collectd so that the entity will no longer send metrics data to the Splunk App for Infrastructure.
To stop collectd on a Linux entity:
$ sudo service collectd stop $ sudo systemctl stop collectd
To stop collectd on an OSX entity:
$ sudo brew services stop collectd
Remove the write_splunk and collectd plug-ins
Remove the plug-ins if you want to stop sending metrics data to the Splunk App for Infrastructure but do not want to remove collectd from your entity.
- Go to the collectd plug-in directory.
- For a Debian, Ubuntu or OSX entity, the default location is
/usr/lib/collectd/. - For a Centos, Redhat, Fedora, SUSE, or openSUSE entity, the default location is
/usr/lib64/collectd/.
- For a Debian, Ubuntu or OSX entity, the default location is
- Delete the
unix-agent/write_splunk.sofile. - Go to the collectd directory. The default location is
/etc/. - Open the
collectd.conffile. - Delete the
Plugin write_splunkplug-in.
Remove collectd
Remove collectd on a Ubuntu or Debian entity:
$ sudo apt-get purge --auto-remove collectd
Remove collectd on a Centos, Redhat, or Fedora entity:
$ sudo yum autoremove collectd
Remove collectd on a SUSE or openSUSE entity:
$ sudo zypper remove --clean-deps collectd
Remove collectd on an OSX entity:
$ brew remove collectd
Stop data collection on a Windows entity
Stop or remove the universal forwarder that's sending log and metrics data to the Splunk App for Infrastructure. For more information, see Uninstall the universal forwarder in the Forwarder Manual.
Stop data collection from your AWS account
You can either deselect data sources that you no longer want to collect from AWS, or remove your AWS account from the Splunk App for Infrastructure to stop data collection.
- From the Splunk App for Infrastructure, go to the Add Data tab.
- Select AWS.
- Complete one of these options:
- In Step 2, deselect the data sources that you no longer want to collect from your AWS account.
- At the top of the page, click Delete this account to remove your AWS account.
| Use custom metric indexes in Splunk App for Infrastructure | Configure alert notifications in Splunk App for Infrastructure |
This documentation applies to the following versions of Splunk® App for Infrastructure (Legacy): 1.2.3
Download manual
Feedback submitted, thanks!