
How do I unify Splunk_TA_nix host naming conventions?


Hi, Splunker,


I'm using Splunk_TA_nix, monitoring /var/log, and my problem is that different event types in this directory are assigned different hosts. For example:

The first eventtype: /var/log/messages, host is "aaabbb"
"Aug 2 12:28:26 aaabbb systemd: Removed slice User Slice of pcp."
The name of the host is extracted from the event.

Another eventtype: /var/log/secure, host is "CCCDDD"
"Aug 2 08:25:42 aaabbb sshd[53313]: Accepted password for root from port 55419 ssh2"
The host is "CCCDDD", which comes from Splunk's default host name.

Please tell me how to set up a unified host name for this add-on, using Splunk's default host name CCCDDD.
