Hi, Splunkers,
I'm using Splunk_TA_nix to monitor /var/log, and my problem is that different event types in this directory are assigned different hosts. For example:
For the first event type, /var/log/messages, the host is "aaabbb":
“Aug 2 12:28:26 aaabbb systemd: Removed slice User Slice of pcp.”
The name of the host is extracted from the event.
For another event type, /var/log/secure, the host is "CCCDDDD":
“Aug 2 08:25:42 aaabbb sshd[53313]: Accepted password for root from 192.168.3.145 port 55419 ssh2”
The host is "CCCDDD", which comes from Splunk's default host name.
Please tell me how to set up a unified host name for this Add-on, using Splunk's default host name CCCDDD.