<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: Host name incorrect for Cherwell input. How do we configure Splunk to use the FQDN for host? in Getting Data In</title>
    <link>https://community.splunk.com/t5/Getting-Data-In/Host-name-incorrect-for-Cherwell-input-How-do-we-configure/m-p/239405#M46532</link>
    <description>&lt;P&gt;Hi Peter,&lt;BR /&gt;
I am assuming your Cherwell servers have been configured to log to Splunk &lt;A href="https://cherwellsupport.com/webhelp/es/5.0/19344.htm"&gt;as described here&lt;/A&gt;? &lt;/P&gt;

&lt;P&gt;I don't know how they implemented that integration, likely it is using the &lt;A href="http://docs.splunk.com/Documentation/Splunk/6.4.2/RESTREF/RESTinput#receivers.2Fsimple"&gt;receivers/simple&lt;/A&gt; endpoint (which, btw, is not recommended for any kind of high volume logging. But that's a different story...).&lt;BR /&gt;
That endpoint expects a host name in the request parameters, so this would have to be set in Cherwell code.&lt;/P&gt;

&lt;P&gt;Having said that, it is likely a result of the hosts that run Cherwell not returning a FQDN when asked for their hostname. I would start with the server admins of those boxes.&lt;/P&gt;</description>
    <pubDate>Thu, 18 Aug 2016 08:20:21 GMT</pubDate>
    <dc:creator>s2_splunk</dc:creator>
    <dc:date>2016-08-18T08:20:21Z</dc:date>
    <item>
      <title>Host name incorrect for Cherwell input. How do we configure Splunk to use the FQDN for host?</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/Host-name-incorrect-for-Cherwell-input-How-do-we-configure/m-p/239404#M46531</link>
      <description>&lt;P&gt;Hello,&lt;/P&gt;

&lt;P&gt;We have configured a number of our Cherwell servers to send data to Splunk on our Management port 89 ( default 8089 ). Issue is we have a few servers with the same name in different domains, so we need the host to be the FQDN, host.domain.com. Where or how would I set this? Is this a global setting? is that port considered an input and I can set a connect_host for it?&lt;/P&gt;

&lt;P&gt;Thanks, &lt;BR /&gt;
Peter&lt;/P&gt;

&lt;P&gt;{ [-] &lt;BR /&gt;
    Level:  WARN &lt;BR /&gt;
    Message:  Duplicate script key being added with key: [postInitMenu]; value: []; type: [Startup] &lt;BR /&gt;
    ThreadName:  Thread_22 &lt;BR /&gt;
    TimeStamp:  2016-08-17T15:29:23.9734481-04:00 &lt;BR /&gt;
    pid:  4288 &lt;BR /&gt;
}&lt;BR /&gt;
Show as raw text&lt;BR /&gt;
host = &lt;STRONG&gt;CWAPP01&lt;/STRONG&gt; source = w3wp sourcetype = Cherwell&lt;/P&gt;</description>
      <pubDate>Wed, 17 Aug 2016 19:53:13 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/Host-name-incorrect-for-Cherwell-input-How-do-we-configure/m-p/239404#M46531</guid>
      <dc:creator>pkasper</dc:creator>
      <dc:date>2016-08-17T19:53:13Z</dc:date>
    </item>
    <item>
      <title>Re: Host name incorrect for Cherwell input. How do we configure Splunk to use the FQDN for host?</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/Host-name-incorrect-for-Cherwell-input-How-do-we-configure/m-p/239405#M46532</link>
      <description>&lt;P&gt;Hi Peter,&lt;BR /&gt;
I am assuming your Cherwell servers have been configured to log to Splunk &lt;A href="https://cherwellsupport.com/webhelp/es/5.0/19344.htm"&gt;as described here&lt;/A&gt;? &lt;/P&gt;

&lt;P&gt;I don't know how they implemented that integration, likely it is using the &lt;A href="http://docs.splunk.com/Documentation/Splunk/6.4.2/RESTREF/RESTinput#receivers.2Fsimple"&gt;receivers/simple&lt;/A&gt; endpoint (which, btw, is not recommended for any kind of high volume logging. But that's a different story...).&lt;BR /&gt;
That endpoint expects a host name in the request parameters, so this would have to be set in Cherwell code.&lt;/P&gt;

&lt;P&gt;Having said that, it is likely a result of the hosts that run Cherwell not returning a FQDN when asked for their hostname. I would start with the server admins of those boxes.&lt;/P&gt;</description>
      <pubDate>Thu, 18 Aug 2016 08:20:21 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/Host-name-incorrect-for-Cherwell-input-How-do-we-configure/m-p/239405#M46532</guid>
      <dc:creator>s2_splunk</dc:creator>
      <dc:date>2016-08-18T08:20:21Z</dc:date>
    </item>
    <item>
      <title>Re: Host name incorrect for Cherwell input. How do we configure Splunk to use the FQDN for host?</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/Host-name-incorrect-for-Cherwell-input-How-do-we-configure/m-p/239406#M46533</link>
      <description>&lt;P&gt;Correct, that is the document, for now it is not a lot of events.&lt;/P&gt;

&lt;P&gt;How does Splunk actually ask for the hostname in this scenario? On the Splunk box i can ping both the long and short name. Does it ping it, or use a script to do a reverse lookup? Can I force it somewhere, like the connection_host parameter?&lt;/P&gt;

&lt;P&gt;Thanks,&lt;BR /&gt;
Peter&lt;/P&gt;</description>
      <pubDate>Thu, 18 Aug 2016 12:50:19 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/Host-name-incorrect-for-Cherwell-input-How-do-we-configure/m-p/239406#M46533</guid>
      <dc:creator>pkasper</dc:creator>
      <dc:date>2016-08-18T12:50:19Z</dc:date>
    </item>
  </channel>
</rss>

