Hostnames in Splunk can be set in many ways.
You can set it explicitly in inputs.conf.
For incoming TCP traffic, the host can be set with the following in your inputs.conf: connection_host = ip | dns
The host value can always be overwritten via props/transforms configurations. This is how the host value is set when the event is sourcetyped as syslog. Props/transforms configs will trump what is defined in inputs.conf.
More details can be found here
Corollary to emma: be wary of sourcetyping things as 'syslog' which aren't, as you may get other strings pulled out as a hostname.
An important thing to note: if you're indexing syslog data, set the sourcetype to "syslog" and your host will be extracted automatically from your events. You can set a default host that will get assigned to any event that doesn't contain a host name or IP address.
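The three mechanisms from the posts above, side by side, as an added example that is not part of the original thread. The port, file path, sourcetype name `app_json`, stanza name `set_host_from_event`, host value and regex are assumptions chosen for illustration.

```ini
# ---- inputs.conf (constructed example) ----

# Explicit host: every event from this input gets this value
# unless an index-time transform overrides it.
[monitor:///var/log/app/app.log]
host = app-server-01
sourcetype = app_json

# Incoming TCP: host is taken from the sending connection.
# ip  = source IP address of the sender
# dns = reverse DNS name of the sender
[tcp://:5514]
connection_host = ip
sourcetype = app_json

# ---- props.conf ----

# Attach an index-time transform to the sourcetype. This runs after
# inputs.conf has assigned a host, so its result wins.
[app_json]
TRANSFORMS-sethost = set_host_from_event

# ---- transforms.conf ----

# Rewrite the host from a field inside the event. The character class
# is kept tight so that arbitrary strings in the event are not picked
# up as a hostname; events that do not match keep the host assigned
# by inputs.conf.
[set_host_from_event]
REGEX = "hostname":"([A-Za-z0-9.-]+)"
DEST_KEY = MetaData:Host
FORMAT = host::$1
```

Because the transform reads the host from event content, whoever controls that content controls the `host` field; for data where the host is used for attribution or alerting, compare it against the connection-derived value before trusting it.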