Renaming OSX Clients due to a reorganization, how do I update the computer name for Splunk?

paulmung27
Engager

Hi,

We have a project to rename OSX systems due to a reorg. I created a simple shell script that will rename the system based on user input and using the scutil binary.

I also need a way to update the computer name for Splunk.

I've tried a couple of things and don't have a great solution.

1) Use the sed command to replace the existing name in the inputs.conf

  • compname=$(scutil --get ComputerName)
  • cat /opt/splunkforwarder/etc/system/local/inputs.conf | sed 's/^host = .*/host = '$compname'/g' > /opt/splunkforwarder/etc/system/local/inputs.conf.new
  • mv /opt/splunkforwarder/etc/system/local/inputs.conf.new /opt/splunkforwarder/etc/system/local/inputs.conf

2) Stopping Splunk services, removing files, Starting Splunk (forcing auto generating of conf files)

  • /opt/splunkforwarder/bin/./splunk stop
  • rm -rf /opt/splunkforwarder/etc/system/local/server.conf
  • rm -rf /opt/splunkforwarder/etc/system/local/inputs.conf
  • touch /opt/splunkforwarder/ftr
  • rm -rf /opt/splunkforwarder/etc/myinstall/splunkd.xml
  • /opt/splunkforwarder/bin/./splunk start

3) Using $decideOnStartup for the inputs.conf

  • Overwriting the inputs.conf file with one that says host = $decideOnStartup

Every solution I have tried hasn't worked perfectly in all scenarios, and I think I'm overcomplicating it.

At the moment, I'm looking at option #3 as a solution; my only worry is that server.conf has the old computer name. After reading the Splunk document on server.conf, it doesn't look like I can use $decideOnStartup.

Thanks,
Jonathan

0 Karma
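An added example (not part of the original post) for option 1 in the question: the unquoted `$compname` is word-split by the shell, a `/` or `&` in the name is interpreted by sed, and `^host = .*` rewrites the host line in every stanza, not only `[default]`. The function name `set_default_host` and the sample file are assumptions made for this sketch; it edits only the `[default]` stanza and passes the name to awk through the environment.

```shell
#!/bin/sh
# Added example. set_default_host FILE NAME replaces (or adds) the host
# setting in the [default] stanza of a Splunk inputs.conf-style file.
set_default_host() {
    conf=$1 name=$2
    # An empty name or one with control characters (newline included) could
    # blank the setting or smuggle extra lines into the file: refuse it.
    case $name in
        ''|*[[:cntrl:]]*) echo "refusing host name" >&2; return 1 ;;
    esac
    tmp=$(mktemp "${conf}.XXXXXX") || return 1
    # The name reaches awk through the environment, so it is never parsed as
    # sed/awk syntax: spaces, quotes, "/", "&" and "\" are copied literally.
    NEW_HOST=$name awk '
        /^\[/ {
            # leaving [default] without having seen a host line: add one
            if (in_default && !done) { print "host = " ENVIRON["NEW_HOST"]; done = 1 }
            in_default = ($0 == "[default]")
        }
        in_default && /^host[ \t]*=/ {
            if (!done) { print "host = " ENVIRON["NEW_HOST"]; done = 1 }
            next
        }
        { print }
        END {
            if (!done) {
                if (!in_default) print "[default]"
                print "host = " ENVIRON["NEW_HOST"]
            }
        }
    ' "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Copy back in place so the original owner and mode are kept.
    cat "$tmp" > "$conf" && rm -f "$tmp"
}

# Demo on a constructed file (not a real forwarder config).
demo=$(mktemp)
printf '%s\n' '[default]' 'host = old-mac' '' \
    '[monitor:///var/log/system.log]' 'host = syslog-relay' > "$demo"
set_default_host "$demo" "Jonathan's MacBook Pro"
cat "$demo"
rm -f "$demo"
```

On a forwarder the call would be `set_default_host /opt/splunkforwarder/etc/system/local/inputs.conf "$(scutil --get ComputerName)"`, followed by a restart of the forwarder.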
1 Solution

lguinn2
Legend

You could just run these CLI commands:

$SPLUNK_HOME/bin/splunk set servername NEWNAME -auth admin:adminpassword
$SPLUNK_HOME/bin/splunk set default-hostname NEWNAME -auth admin:adminpassword
$SPLUNK_HOME/bin/splunk restart

paulmung27
Engager

@iguinn - Thank you, that works. I was trying to reinvent the wheel when I should have RTM.

0 Karma

artcarrera
Explorer

I tried the same trick but it didn't work. The 2 values are changed per the file contents but it doesn't seem to make a difference at the deployment server receiving the connection... Any ideas?

0 Karma

lguinn2
Legend

The CLI commands can be really hard to find in the manual...

0 Karma