Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Host name incorrect for Cherwell input. How do we configure Splunk to use the FQDN for host?

pkasper
Explorer
‎08-17-2016 12:53 PM

Hello,

We have configured a number of our Cherwell servers to send data to Splunk on our Management port 89 ( default 8089 ). Issue is we have a few servers with the same name in different domains, so we need the host to be the FQDN, host.domain.com. Where or how would I set this? Is this a global setting? is that port considered an input and I can set a connect_host for it?

Thanks,
Peter

{ [-]
Level: WARN
Message: Duplicate script key being added with key: [postInitMenu]; value: []; type: [Startup]
ThreadName: Thread_22
TimeStamp: 2016-08-17T15:29:23.9734481-04:00
pid: 4288
}
Show as raw text
host = CWAPP01 source = w3wp sourcetype = Cherwell

0 Karma
Reply

s2_splunk
Splunk Employee
Splunk Employee
‎08-18-2016 01:20 AM

Hi Peter,
I am assuming your Cherwell servers have been configured to log to Splunk as described here?

I don't know how they implemented that integration, likely it is using the receivers/simple endpoint (which, btw, is not recommended for any kind of high volume logging. But that's a different story...).
That endpoint expects a host name in the request parameters, so this would have to be set in Cherwell code.

Having said that, it is likely a result of the hosts that run Cherwell not returning a FQDN when asked for their hostname. I would start with the server admins of those boxes.

0 Karma
Reply

pkasper
Explorer
‎08-18-2016 05:50 AM

Correct, that is the document, for now it is not a lot of events.

How does Splunk actually ask for the hostname in this scenario? On the Splunk box i can ping both the long and short name. Does it ping it, or use a script to do a reverse lookup? Can I force it somewhere, like the connection_host parameter?

Thanks,
Peter

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...