Solved: How to add host name in event ?

kml_uvce · ‎10-30-2012

I am forwarding data from indexer to heavy forwarder How I can append host name in event (_raw) in indxer that will be forwarded to heavy forwarder ?

kamal singh bisht

yannK · ‎10-30-2012

Can you explain why you are doing this ? What is the heavy forwarder sending to ?

If you want to export data, use a scheduled search to export search results formated as you wish

yannK · ‎10-30-2012

Can you explain why you are doing this ? What is the heavy forwarder sending to ?

If you want to export data, use a scheduled search to export search results formated as you wish

yannK · ‎11-05-2012

if the answer suits you, you can accept it.

yannK · ‎11-01-2012

Here is the method to add any metadata (like host) in the events.
Do that at the indexer level (during index time)

kml_uvce · ‎11-01-2012

The actual scenario is like this: I am sending data like this...

universalforwarder -> indexer -> Heavy forwarder -> Syslog-ng server

How Can I get Universal forwarder machine address in Syslog-ng server.

kamal singh bisht

How to add host name in event ?