Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

set hostname

gcusello
Esteemed Legend
‎11-25-2016 05:24 AM

Hi at all,
I have to create an Heartbeat Alert that contains three fields:

  • TimeStamp,
  • HostName
  • Message My problem is HostName because I have a Search Head Cluster with three SH, so I cannot use a fixed value and I don't know how to set in a search the value of the present SH that is executing the search. Is there a way to do this?

Thank You.
Bye.
Giuseppe

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

martin_mueller
SplunkTrust
SplunkTrust
‎11-25-2016 06:08 AM

You can use $server.serverName$ in the email alert settings: http://docs.splunk.com/Documentation/Splunk/6.5.1/Alert/EmailNotificationTokens#Server_tokens

In an actual search, you can use | rest splunk_server=local /services/server/info to grab the search head you're running on.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

martin_mueller
SplunkTrust
SplunkTrust
‎11-25-2016 06:08 AM

You can use $server.serverName$ in the email alert settings: http://docs.splunk.com/Documentation/Splunk/6.5.1/Alert/EmailNotificationTokens#Server_tokens

In an actual search, you can use | rest splunk_server=local /services/server/info to grab the search head you're running on.

0 Karma
Reply
Solved! Jump to solution

gcusello
Esteemed Legend
‎11-25-2016 06:15 AM

Thank you, your rest command answers to my question.
Bye.
Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Lantern | Spotlight on Security: Adoption Motions, War Stories, and More

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Splunk Cloud | Empowering Splunk Administrators with Admin Config Service (ACS)

Greetings, Splunk Cloud Admins and Splunk enthusiasts! The Admin Configuration Service (ACS) team is excited ...

Tech Talk | One Log to Rule Them All

One log to rule them all: how you can centralize your troubleshooting with Splunk logs We know how important ...