Getting Data In

Is it possible to configure transforms.conf on a forwarder to add a hostname or host IP to the head of each row before forwarding?

ekremikizoglu
Explorer

Hi,

I want to add hostname or host IP to the head of each row before forwarding. Is it possible with transforms.conf?
Can a Splunk forwarder learn and set host info to any token so we can use it conf files?

example raw log :
06-07-2016 14:44:18.878 +0300 INFO Blablabal - Msgmsgmsgmsgmsgm
06-07-2016 14:44:20.754 +0300 WARN Blablsaeccl - Msgmsgm dasas

After transform:
HOSTNAME 06-07-2016 14:44:18.878 +0300 INFO Blablabal - Msgmsgmsgmsgmsgm
HOSTNAME 06-07-2016 14:44:20.754 +0300 WARN Blablsaeccl - Msgmsgm dasas
or
xx.xxx.xx.xx 06-07-2016 14:44:18.878 +0300 INFO Blablabal - Msgmsgmsgmsgmsgm
xx.xxx.xx.xx 06-07-2016 14:44:20.754 +0300 WARN Blablsaeccl - Msgmsgm dasas

Thanks.

0 Karma

ssadh
Engager

So rummaging through the documentation for outputs.conf, I found that there is an option for sending out syslog output.
where you can set the hostname field -

syslogSourceType = <string>

the excerpt from the same documentation,

Data which does not match the rules has a header, optionally a timestamp (if defined in 'timestampformat'), and a hostname added to the front of the event. This is how Splunk causes arbitrary log data to match syslog expectations.

you can try this out , hope it works.

0 Karma

ddrillic
Ultra Champion

You can/should do it on the indexer tier.

0 Karma

ekremikizoglu
Explorer

I am forwarding these event another host which is different from indexer. So i can not use indexer for this. So i need to know this logs where it come.

0 Karma
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...