Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to set hostname for the Splunk Windows Universal Forwarder

OldManEd
Builder
‎10-16-2015 01:52 PM

When I installed the Splunk Universal Forwarder for Windows, the inputs.conf file has the stanza;

[default]
host = <actual host name>

I want to make the Splunk Forwarder directories on this server part of an image to load onto other servers. So what do I change this stanza to, if anything, to get it to use the name of the server that it's being loaded on?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

woodcock
Esteemed Legend
‎10-16-2015 02:56 PM

Just delete the host= line from the file in your master image and splunk will automatically figure it out when you deploy the file and (re)start splunk.

View solution in original post

0 Karma
Reply
Solved! Jump to solution

mtranchita
Communicator
‎10-16-2015 04:40 PM

In the spec, found at http://docs.splunk.com/Documentation/Splunk/latest/Admin/Inputsconf
it shows that the value in system/default/inputs.conf is $decideOnStartup
On first run this will write to system/local. You can prestage that value in the system/local (or override system/default with an app) so that the UF polls the OS every time it starts.

Reply
Solved! Jump to solution
Solution

woodcock
Esteemed Legend
‎10-16-2015 02:56 PM

Just delete the host= line from the file in your master image and splunk will automatically figure it out when you deploy the file and (re)start splunk.

0 Karma
Reply
Solved! Jump to solution

OldManEd
Builder
‎10-16-2015 03:11 PM

This seemed to work. I commented out the "host =" and "serverName =" lines in the "inputs.conf" and "server.conf" files respectively and the Forwarder serrvice did start this time and it was named correctly in the Deployment server when it "Phoned Home". But I noticed that the "inputs.conf" and "server.conf" files were not updated. I assume the Splunk Forwarder is looking someplace else for the default server name.

Anyway, thanks.

0 Karma
Reply
Solved! Jump to solution

OldManEd
Builder
‎10-16-2015 01:55 PM

I just noticed that in the same directory, in the server.conf file, I have the following stanza;

[general]
pass4SymmKey = <Pass key number>
serverName = <actual host name>

I'm going to have to change that also. But to what?

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk MCP & Agentic AI: Machine Data Without Limits

  Discover how the Splunk Model Context Protocol (MCP) Server can revolutionize the way your organization ...

Finding Based Detections General Availability

Overview  We’ve come a long way, folks, but here in Enterprise Security 8.4 I’m happy to announce Finding ...

Get Your Hands Dirty (and Your Shoes Comfy): The Splunk Experience

Hands-On Learning and Technical Seminars  Sometimes, you just need to see the code. For those looking for a ...