Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Can local hosts-file be used instead of reverse DNS

thoree
Explorer
‎05-28-2013 11:48 PM

Hi,

My Splunk-server receives syslogs from a number of devices that are not registered in reverse dns, therefore the events in Splunk shows the ipaddress, not the hostname. Is it possible to configure Splunk to use its local hosts-file to resolve the names? So that I can register all the devises in the local hosts-file to resolve the problem?

Tags (2)
0 Karma
Reply

tgow
Splunk Employee
Splunk Employee
‎05-29-2013 02:15 AM

This is typically configured on the OS of the system on the order of name resolution. If you configure the following on the inputs.conf file for the syslog input:

[udp://<remote server>:<port>]
connection_host = dns

The /etc/nsswitch.conf file has the order information for name resolution. Here is an example:

hosts: dns files

The gethostbyname library will look first to resolve the name with dns and if it does not find an answer then it will look at the local /etc/hosts next.

Hope this helps.

0 Karma
Reply
Get Updates on the Splunk Community!

Unlock Database Monitoring with Splunk Observability Cloud

  In today’s fast-paced digital landscape, even minor database slowdowns can disrupt user experiences and ...

Purpose in Action: How Splunk Is Helping Power an Inclusive Future for All

At Cisco, purpose isn’t a tagline—it’s a commitment. Cisco’s FY25 Purpose Report outlines how the company is ...

[Upcoming Webinar] Demo Day: Transforming IT Operations with Splunk

Join us for a live Demo Day at the Cisco Store on January 21st 10:00am - 11:00am PST In the fast-paced world ...