https://community.splunk.com/t5/Getting-Data-In/Setting-host-to-hostname-vs-IP-address/m-p/107358#M22575 <P>I had the same problem, even if I told it not to. It sorta double dips your hostnames, especially if you already had the hostname show up prior to enabling syslog.</P> Fri, 26 Apr 2013 20:22:18 GMT gnovak 2013-04-26T20:22:18Z https://community.splunk.com/t5/Getting-Data-In/Setting-host-to-hostname-vs-IP-address/m-p/107357#M22574 <P>I have different devices sending data via syslog. </P> <P>Current Stanza Example:</P> <PRE><CODE>[udp//IP:PORT] host = hostname sourcetype = syslog </CODE></PRE> <P>However, events still show up as host = ip address. Is there another place to do this?</P> Fri, 26 Apr 2013 15:12:20 GMT https://community.splunk.com/t5/Getting-Data-In/Setting-host-to-hostname-vs-IP-address/m-p/107357#M22574 agodoy 2013-04-26T15:12:20Z https://community.splunk.com/t5/Getting-Data-In/Setting-host-to-hostname-vs-IP-address/m-p/107358#M22575 <P>I had the same problem, even if I told it not to. It sorta double dips your hostnames, especially if you already had the hostname show up prior to enabling syslog.</P> Fri, 26 Apr 2013 20:22:18 GMT https://community.splunk.com/t5/Getting-Data-In/Setting-host-to-hostname-vs-IP-address/m-p/107358#M22575 gnovak 2013-04-26T20:22:18Z https://community.splunk.com/t5/Getting-Data-In/Setting-host-to-hostname-vs-IP-address/m-p/107359#M22576 <P>It seems that the process is not as straight forward as I thought for syslog devices.</P> <P>See this blog post:</P> <P><A href="http://blogs.splunk.com/2008/04/16/overriding-default-syslog-host-extraction/">http://blogs.splunk.com/2008/04/16/overriding-default-syslog-host-extraction/</A></P> <P>Now trying to figure out how to do this in a Cluster.</P> Fri, 28 Jun 2013 19:23:37 GMT https://community.splunk.com/t5/Getting-Data-In/Setting-host-to-hostname-vs-IP-address/m-p/107359#M22576 agodoy 2013-06-28T19:23:37Z