Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Why am I seeing host multiple times in search

dmitchell_ingre
New Member
‎04-04-2018 12:45 PM

Hello Splunkers,

I'm trying to validate that engineers have successfully deployed forwarders on all required systems. All Sites have their own index. So I'm running the following search to check:

index=siteA | stats count by host

This returns the hosts, but for my Linux machines I see "machineA" followed by "machineA.siteA.local."

Does anyone have any insight as to what might be the problem? Per my instructions, the engineers have uninstalled old forwarders before installing a new version for our Splunk rebuild.

Thanks so much!

0 Karma
Reply

davpx
Communicator
‎04-04-2018 05:24 PM

Some inputs can return the shortname and some return the FQDN. Check to ensure your forwarder's inputs.conf hostname under [default] matches the name in server.conf and that any other inputs do not specify a host explicitly.

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...