Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Trouble with Host Extraction at Index Time

JPrictoe
Loves-to-Learn
‎03-13-2018 10:10 AM

To me this should be simple, but I can't get it. When entering host info while adding data I select "regex on path" and enter the regex for my capture group, but it still returns my default host upon search for that particular source. Even if I change my default host name in system/local or search/local inputs.conf, I still get my default host. Also if I select "segment on path" and just try to name it something along the path, I still get my default host. Even if my regex was not sound, some of these other options should work, where is Splunk continually pulling my default host from if I take it out of .conf files entirely?

0 Karma
Reply

tiagofbmm
Influencer
‎03-13-2018 10:23 AM

To check where splunk is using your default host, use btool

$SPLUNK_HOME/bin/splunk btool inputs list --debug

It will show you the running configuration in your inputs and show you for the stanza you'rel looking for, where is it getting the default host from (where meaning from which conf file specifically)

0 Karma
Reply

tiagofbmm
Influencer
‎03-21-2018 10:04 AM

Please let me know if the answer was useful for you. If it was, accept it and upvote. If not, give us more input so we can help you with that

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

Hello Splunkers,  We’re excited to kick off a Splunk Dashboard contest! We know that dashboards are a primary ...

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...