Getting Data In

Forwarder's hostname

khhenderson
Path Finder

What is the best way to change the hostname's of the forwarders (Linux)? We have change our naming convention. I changed the entry in the server.conf (serverName = $HOSTNAME), stopped splunkd and then restarted on the forwarder. I checked the "Deployment Monitor" and the newly renamed machine did not show up. The old name was still in the list. I gave it 20 minutes, no change. The "Current Status" for the old name changed to "missing". I was able to search using the new name. Can someone help with step by step procedures?

1 Solution

briang67
Communicator

Did you try changing the "host = hostname" field in the inputs.conf on the forwarder?

View solution in original post

briang67
Communicator

Did you try changing the "host = hostname" field in the inputs.conf on the forwarder?

briang67
Communicator

khhenderson
Path Finder

There is not a line in my inputs.conf for "host" on the forwarder. It only list the directories to be monitored.

0 Karma
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

(view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...