Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

What is the best way to check for hostname consistency in Linux and Windows UF deployments?

ppeterson
Path Finder
‎10-19-2016 07:31 AM

I am looking for ideas on how to verify hostnames are correct when writing to the indexes and when phoning home as I have encountered a fair number of UF's that were renamed and this is causing some reporting issues. I was looking for ideas on how other may have handled this, particularly in a mixed environment of Windows and Linux.

0 Karma
Reply

ddrillic
Ultra Champion
‎10-19-2016 07:44 AM

What drives me bananas about this consistency issue, is the fact that some Linux servers hold the domain name as part of the server name (via uname -a) and some don't, in our company. We try to identify it during the sanity checks. Whether you want the domain name or not, you need to decide and override it, if needed.

It's at $SPLUNK_HOME/etc/system/local/server.conf -

serverName = <host>.<domain>.com

Or without the domain.

0 Karma
Reply

ppeterson
Path Finder
‎10-20-2016 08:53 AM

Glad to see I'm not suffering alone! I'm looking to leverage the Deployment Server an/or DMC to come up with a workable solution. With the amount of cloning and remames this is a bit of an issue with nearly 7000 UF's.

0 Karma
Reply

ddrillic
Ultra Champion
‎10-20-2016 09:00 AM

7000 UF's - serious stuff. Nothing should be manual at this scale...
Be sure that each UF server is configured correctly. We are running into issues of consistent crashes of the UFs. Quite often the ulimit -n (open files) is at 1024 versus the minimum of 8192. Lots of grief ; -)

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Mobile: Your Brand-New Home Screen

Meet Your New Mobile Hub  Hello Splunk Community!  Staying connected to your data—no matter where you are—is ...

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Real progress on your strategic priorities starts with knowing the business outcomes your teams are delivering ...

Enterprise Security (ES) Essentials 8.3 is Now GA — Smarter Detections, Faster ...

As of today, Enterprise Security (ES) Essentials 8.3 is now generally available, helping SOC teams simplify ...