- Find Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- Re: Renaming OSX Clients due to a reorganization, ...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
We have a project to rename OSX systems due to a reorg. I created a simple shell script that will rename the system based on user input and using the scutil binary.
I also need a way to update the computer name for Splunk.
I've tried a couple of things and don't have a great solution.
1) Use the sed command to replace the existing name in the inputs.conf
- compname=$(scutil --get ComputerName)
- cat /opt/splunkforwarder/etc/system/local/inputs.conf | sed 's/^host = .*/host = '$compname'/g' > /opt/splunkforwarder/etc/system/local/inputs.conf.new
- mv /opt/splunkforwarder/etc/system/local/inputs.conf.new /opt/splunkforwarder/etc/system/local/inputs.conf
2) Stopping Splunk services, removing files, Starting Splunk (forcing auto generating of conf files)
- /opt/splunkforwarder/bin/./splunk stop
- rm -rf /opt/splunkforwarder/etc/system/local/server.conf
- rm -rf /opt/splunkforwarder/etc/system/local/inputs.conf
- touch /opt/splunkforwarder/ftr
- rm -rf /opt/splunkforwarder/etc/myinstall/splunkd.xml
- /opt/splunkforwarder/bin/./splunk start
3) Using $decideOnStartup for the inputs.conf
- Overwriting the inputs.conf file with one that says host = $decideOnStartup
Every solution I have tried hasn't worked perfectly in all scenarios, and I think I'm over complicating it.
At the moment, I'm looking at option #3 as a solution, my only worry is the server.conf has the old computer name. After reading the Splunk document on server.conf, it doesn't look like I can use $decideOnStartup
Thanks,
Jonathan
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You could just run these CLI commands:
$SPLUNK_HOME/bin/splunk set servername NEWNAME -auth admin:adminpassword
$SPLUNK_HOME/bin/splunk set default-hostname NEWNAME -auth admin:adminpassword
$SPLUNK_HOME/bin/splunk restart
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You could just run these CLI commands:
$SPLUNK_HOME/bin/splunk set servername NEWNAME -auth admin:adminpassword
$SPLUNK_HOME/bin/splunk set default-hostname NEWNAME -auth admin:adminpassword
$SPLUNK_HOME/bin/splunk restart
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@iguinn - Thank you, that works. i was trying to reinvent the wheel when i should have RTM.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I tried the same trick but it didn't work. The 2 values are changed per the file contents but it doesn't seem to make a difference at the deployment server receiving the connection... Any ideas?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The CLI commands can be really hard to find in the manual...
Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!
Transform your security operations with Splunk Enterprise Security
Splunk Admins and App Developers | Earn a $35 gift card!
