Getting Data In

How to make sure all servers checking in with the deployment server use FQDN?

Path Finder

I've noticed that among all of the universal forwarders checking in with my deployment server, there is no consistency in which hosts are fully qualified domain names (FQDN), e.g. myserver.mydomain.com, and which hosts just check in with short names, e.g. myserver.

Can someone tell me how to control this function? Ideally, I want all servers checking in with the deployment server to use FQDNs.

Thanks in advance!

0 Karma
1 Solution

Esteemed Legend

Edit server.conf:

hostnameOption = <ASCII string>
* The option used to specify the detail in the server name used to identify this Splunk instance.
* Can be one of "fullyqualifiedname" , "clustername", "shortname"
* Is applicable to Windows only
* Shall not be an empty string

View solution in original post

Esteemed Legend

Edit server.conf:

hostnameOption = <ASCII string>
* The option used to specify the detail in the server name used to identify this Splunk instance.
* Can be one of "fullyqualifiedname" , "clustername", "shortname"
* Is applicable to Windows only
* Shall not be an empty string

View solution in original post

Path Finder

Thank you.

Interesting about the "only to applicable to Windows only" caveat.

Actually, now that I look at it, it is only the Windows hosts that are not qualified on the forwarder management page. All of the *nix hosts are.

0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!