Solved: Re: Why is my server name not displayed as host?

mawomommoh · ‎05-31-2018

I have a UF installed on my local machine and I installed a different UF on a server which I remotely connect to. Whenever I forward files from the remote server it works well but instead of the "host" field value showing as the server name, it shows my local machine name instead. I don't know why this is. Since I am forwarding from the server I expected that the host value will be the server name. Am I missing something? Is there a way to make the host value the server name instead of my local machine name?

pradeepkumarg · ‎05-31-2018

how do you know it is actually the server that is sending the data and not your local machine?

can you check any inputs.conf on the forwarder and look for host value if it has been accidentally set to your local machine ?

You can also run this btool command to check which configuration file is taking precdence that has set the host value

$ ./splunk cmd btool inputs list --debug | grep host

View solution in original post

pradeepkumarg · ‎05-31-2018

how do you know it is actually the server that is sending the data and not your local machine?

can you check any inputs.conf on the forwarder and look for host value if it has been accidentally set to your local machine ?

You can also run this btool command to check which configuration file is taking precdence that has set the host value

$ ./splunk cmd btool inputs list --debug | grep host

mawomommoh · ‎05-31-2018

I know it is the server because I remotely connect to the server (using Remote Desktop Connection) and I create the file I want to be forwarded on the server and then put in the monitored folder. The created file does not showup on my local machine because I am on the server.

I setup a forwarder on the server, and that is how the file gets forwarded to Splunk. Without the forwarder the file won't go to Splunk. That shows that that forwarder is functioning from the server not my machine.

pradeepkumarg · ‎05-31-2018

can you check any inputs.conf on the forwarder and look for host value if it has been accidentally set to your local machine ?

You can also run this btool command to check which configuration file is taking precdence that has set the host value

$ ./splunk cmd btool inputs list --debug | grep host

mawomommoh · ‎06-01-2018

You were right! Host value in inputs.conf was set to my local machine. Thanks!

niketn · ‎06-01-2018

@mawomommoh I have converted @gpradeepkumarreddy 's comment to answer. Please accept the answer to mark this question as answered!

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

pradeepkumarg · ‎06-01-2018

Thanks, I've updated the answer to be more relevant.

Why is my server name not displayed as host?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

May 2026 Splunk Expert Sessions: Security & Observability

Network to App: Observability Unlocked [May & June Series]

SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...

Join the Conversation

Why is my server name not displayed as host?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

May 2026 Splunk Expert Sessions: Security & Observability

Network to App: Observability Unlocked [May & June Series]

SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...