Hi,
When I set no_priority_stripping = true, the host changes from the IP address to the host name when performing a search in Splunk. Example: Host="10.10.10.170" to Host="ABC-DEVICE".
Before setting no_priority_stripping = true in inputs.conf
Below is the syslog event sent to Splunk:
2:31:50.000 PM
<134> 1 2019-11-15T14:31:50-08:00 ABC-DEVICE server - - [meta sequenceId="13" enterpriseId="2634.1.17.16" vendorId="WTI"] CPM: ABC-DEVICE, (AUDIT LOG) DATE-TIME: 11/15/19 14:31:50
host = ABC-DEVICE source = udp:514 sourcetype = syslog
After removing no_priority_stripping = true from inputs.conf
Nov 15 14:07:57 192.168.100.170 1 2019-11-15T14:07:57-08:00 ABC-DEVICE server - - [meta sequenceId="8" enterpriseId="2634.1.17.16" vendorId="WTI"] CPM: ANTHONY-TEST, (AUDIT LOG) DATE-TIME: 11/15/19 14:07:57,
host = 10.10.10.170 source = udp:514 sourcetype = syslog
Does anyone have any idea why Splunk is stripping the IP address and replacing it with the host name instead?