We would like to index users' shell history (.bash_ history) in Splunk. The issue is that we have shared home directories that are NFS mounted. That means whenever you log into a machine, you're accessing your same files and, consequently, the same .bash_history.
We'd like Splunk to know what host the user was on when .bash_history was updated. This way we can run a search within Splunk and see how typed which commands from which host.
Is this possible? It sound like it's a procedural issue that is outside of Splunk. I'm hoping someone else here has accomplished this.