Are you a member of the Splunk Community?
- Find Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- Why does host name show up in Splunk Cloud in all ...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am having an issue with the Host name showing up in all capital letters on Splunk Cloud, but the Splunk UF is showing its name in lower case for both host and the Splunk instance name. This is occurring on a Windows 2016 platform.
I have verified that the name is all lower case in the server.conf file and just for gee whiz, I ran the "splunk.exe clone-prep-clear-config" command on this server and nothing changed. I have verified via the system screen and the command line that the servers name is lowercase.
I ran and IPconfig /all and it too is showing the host name as lower case and NETBIOS has been disabled on this server. Also using the Nbtstat commands I have validated that the NetBios is disabled on this server.
Not sure how to proceed from here. Any advice would be greatly appreciated.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for your reply,
The issue appears with both “Host” and “host” and found no issues with the inputs.conf. I forgot to add that I did run the btool and got no results their either. To correct this issue, I went into the local/server.conf file and change it to an all Capital Name. This changed the Instance name on the Splunk Universal Forwarder to all caps.
I went one step further and ran the clone-prep-clear-config command, which changed the name back to all lower case. So the server.conf was changed back to an all caps name.
Also, I have over 2600 servers that are reporting to my Splunk Cloud and this is the only server that we are having this issue with. I am going to stick with the manual change we made to the server.conf file and chalk this one up to the every present Splunk Gremlin.
Thanks for your response
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What exactly are you looking at when you check the Host name? Is the field "Host" or "host" (they're not the same)? Is this for all hosts or just some of them?
Have you checked the inputs.conf files on the problem host(s)? Run this command to help isolate the problem setting:
splunk btool --debug inputs list | grep "\bhost"If this reply helps you, Karma would be appreciated.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for your reply,
The issue appears with both “Host” and “host” and found no issues with the inputs.conf. I forgot to add that I did run the btool and got no results their either. To correct this issue, I went into the local/server.conf file and change it to an all Capital Name. This changed the Instance name on the Splunk Universal Forwarder to all caps.
I went one step further and ran the clone-prep-clear-config command, which changed the name back to all lower case. So the server.conf was changed back to an all caps name.
Also, I have over 2600 servers that are reporting to my Splunk Cloud and this is the only server that we are having this issue with. I am going to stick with the manual change we made to the server.conf file and chalk this one up to the every present Splunk Gremlin.
Thanks for your response
Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...
Splunk Observability for AI
🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler
