I am looking for ideas on how to verify hostnames are correct when writing to the indexes and when phoning home as I have encountered a fair number of UF's that were renamed and this is causing some reporting issues. I was looking for ideas on how other may have handled this, particularly in a mixed environment of Windows and Linux.
What drives me bananas about this consistency issue, is the fact that some Linux servers hold the domain name as part of the server name (via uname -a
) and some don't, in our company. We try to identify it during the sanity checks. Whether you want the domain name or not, you need to decide and override it, if needed.
It's at $SPLUNK_HOME/etc/system/local/server.conf
-
serverName = <host>.<domain>.com
Or without the domain.
Glad to see I'm not suffering alone! I'm looking to leverage the Deployment Server an/or DMC to come up with a workable solution. With the amount of cloning and remames this is a bit of an issue with nearly 7000 UF's.
7000 UF's - serious stuff. Nothing should be manual at this scale...
Be sure that each UF server is configured correctly. We are running into issues of consistent crashes of the UFs. Quite often the ulimit -n
(open files) is at 1024 versus the minimum of 8192. Lots of grief ; -)