I had to rename a hostname on splunk client configuration on inputs.conf and server.conf and removed the guid on /etc/instance.cfg to match the hostname of the server with the splunk client configuration in inputs.conf and server.conf files on a linux box. However, I am unable to capture events from the client server. Is there something else I am required to do or re-install Splunk?
I'm not sure why would would have changed it. For a host rename just change the inputs/server entries and that's it.
Double check that you don't have GUID's in different files that are different. Upon start up splunk will error out.
"If server.conf has a value of 'guid' AND instance.cfg has a value of 'guid'
AND these values are different, startup halts and error is shown. Operator
must resolve this error. We recommend erasing the value from server.conf
file, and then restarting."