Are you a member of the Splunk Community?
- Find Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- Re: Why is my server name not displayed as host?
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have a UF installed on my local machine and I installed a different UF on a server which I remotely connect to. Whenever I forward files from the remote server it works well but instead of the "host" field value showing as the server name, it shows my local machine name instead. I don't know why this is. Since I am forwarding from the server I expected that the host value will be the server name. Am I missing something? Is there a way to make the host value the server name instead of my local machine name?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
how do you know it is actually the server that is sending the data and not your local machine?
can you check any inputs.conf on the forwarder and look for host value if it has been accidentally set to your local machine ?
You can also run this btool command to check which configuration file is taking precdence that has set the host value
$ ./splunk cmd btool inputs list --debug | grep host
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
how do you know it is actually the server that is sending the data and not your local machine?
can you check any inputs.conf on the forwarder and look for host value if it has been accidentally set to your local machine ?
You can also run this btool command to check which configuration file is taking precdence that has set the host value
$ ./splunk cmd btool inputs list --debug | grep host
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I know it is the server because I remotely connect to the server (using Remote Desktop Connection) and I create the file I want to be forwarded on the server and then put in the monitored folder. The created file does not showup on my local machine because I am on the server.
I setup a forwarder on the server, and that is how the file gets forwarded to Splunk. Without the forwarder the file won't go to Splunk. That shows that that forwarder is functioning from the server not my machine.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
can you check any inputs.conf on the forwarder and look for host value if it has been accidentally set to your local machine ?
You can also run this btool command to check which configuration file is taking precdence that has set the host value
$ ./splunk cmd btool inputs list --debug | grep host
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You were right! Host value in inputs.conf was set to my local machine. Thanks!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@mawomommoh I have converted @gpradeepkumarreddy 's comment to answer. Please accept the answer to mark this question as answered!
| makeresults | eval message= "Happy Splunking!!!"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks, I've updated the answer to be more relevant.
Observe and Secure All Apps with Splunk
What's New in Splunk Observability - August 2025
Introduction to Splunk AI
