Can we add additional parameters (IP and hostname)...

akif_kayapinar · ‎12-14-2016

I am kind of new in Splunk and I am curious about something. When I install universal forwarder to a Windows server, it sends only name or ip, and by default, it sends the name of the server (can be configured with inputs.conf file). I also want to add another field that sends the ip of the server. Since not all servers are in domain, I can't find the ip address when I try to lookup from the DNS. The other thing is, since I am not a part of the systems team when i see only IP addresses, it also doesn't tell much to me. So I need both ip and hostname. Can we do it?

lguinn2 · ‎12-14-2016

You can create a lookup table on the search head that will map server names to IP addresses. You can also use the built-in DNS lookup to do something similar.

But you cannot add additional information to the data that the forward sends to the indexers.

akif_kayapinar · ‎12-14-2016

Thank you for the answer. I will try the first one. Since some of the servers are not in domain and dont have a dns record, dns lookup wont do much for me.

Can we add additional parameters (IP and hostname) to the logs which are collected thorough a Windows universal forwarder?

Harnessing Splunk’s Federated Search for Amazon S3

Infographic provides the TL;DR for the 2024 Splunk Career Impact Report

Enterprise Security Content Update (ESCU) | New Releases