I have a default inputs.conf configuration in splunk server as below. [batch:///source=/opt/splunk/var/spool/splunk/] move_policy = sinkhole
Can I disable it will it have any adverse affect to my splunk server. The thing is there are some sample logs coming into this directory and we are unable find the script or the guy who is doing it. Also can I put disable=true in this stanza will it work or should I comment the entire thing.
Regards, Harish