- Find Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- Renaming OSX Clients due to a reorganization, how ...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
We have a project to rename OSX systems due to a reorg. I created a simple shell script that will rename the system based on user input and using the scutil binary.
I also need a way to update the computer name for Splunk.
I've tried a couple of things and don't have a great solution.
1) Use the sed command to replace the existing name in the inputs.conf
- compname=$(scutil --get ComputerName)
- cat /opt/splunkforwarder/etc/system/local/inputs.conf | sed 's/^host = .*/host = '$compname'/g' > /opt/splunkforwarder/etc/system/local/inputs.conf.new
- mv /opt/splunkforwarder/etc/system/local/inputs.conf.new /opt/splunkforwarder/etc/system/local/inputs.conf
2) Stopping Splunk services, removing files, Starting Splunk (forcing auto generating of conf files)
- /opt/splunkforwarder/bin/./splunk stop
- rm -rf /opt/splunkforwarder/etc/system/local/server.conf
- rm -rf /opt/splunkforwarder/etc/system/local/inputs.conf
- touch /opt/splunkforwarder/ftr
- rm -rf /opt/splunkforwarder/etc/myinstall/splunkd.xml
- /opt/splunkforwarder/bin/./splunk start
3) Using $decideOnStartup for the inputs.conf
- Overwriting the inputs.conf file with one that says host = $decideOnStartup
Every solution I have tried hasn't worked perfectly in all scenarios, and I think I'm over complicating it.
At the moment, I'm looking at option #3 as a solution, my only worry is the server.conf has the old computer name. After reading the Splunk document on server.conf, it doesn't look like I can use $decideOnStartup
Thanks,
Jonathan
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You could just run these CLI commands:
$SPLUNK_HOME/bin/splunk set servername NEWNAME -auth admin:adminpassword
$SPLUNK_HOME/bin/splunk set default-hostname NEWNAME -auth admin:adminpassword
$SPLUNK_HOME/bin/splunk restart
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You could just run these CLI commands:
$SPLUNK_HOME/bin/splunk set servername NEWNAME -auth admin:adminpassword
$SPLUNK_HOME/bin/splunk set default-hostname NEWNAME -auth admin:adminpassword
$SPLUNK_HOME/bin/splunk restart
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@iguinn - Thank you, that works. i was trying to reinvent the wheel when i should have RTM.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I tried the same trick but it didn't work. The 2 values are changed per the file contents but it doesn't seem to make a difference at the deployment server receiving the connection... Any ideas?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The CLI commands can be really hard to find in the manual...
Fueling your curiosity with new Splunk ILT and eLearning courses
Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...
Unleash Unified Security and Observability with Splunk Cloud Platform
