Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

clientName vs host name question ?

sieutruc
Contributor
‎09-14-2012 07:19 AM

Hello,

I get confused between clientName (in deploymentclient.conf) and host (in inputs.conf).
Can i use clientName instead of host when sending data to the receiver ? is clientName set as host of the events that will be indexed at indexer ?

Because i have to filter the client machine according to each kind of Windows , so i name each of such kind as client[WinsVersion]. i set clientName like that to register with deployment server. Now for routing these events, how can i use clientName as host of those machines ?

Tags (1)
Reply

bwooden
Splunk Employee
Splunk Employee
‎09-14-2012 07:40 AM

When a deployment server receives a request from a deployment client, it will attempt to place it in one or more serverclasses by evaluating this information in the following order (machine types are also evaluated, but we'll ignore that for purposes of this conversation)

  1. clientName (attribute from client's deploymentclient.conf)
  2. ip address
  3. host name (as determined via dns)
  4. host name (as determined by client)

The host value in inputs.conf does not come into play here.

The default value of clientName in deploymentclient.conf is deploymentClient. If you're overriding that with a custom choice, you can reference that value in the serverclass.conf of your deployment server's whitelists and blacklists.

Reply

bwooden
Splunk Employee
Splunk Employee
‎09-14-2012 08:00 AM

You can push configurations to those clients by building apps in deployment-apps and assigning them to a serverClass matching your clientName. It would be undesirable to update host name in inputs.conf for this purpose (and would not affect deployment server evaluation as the hostname reported is not pulled from inputs.conf). We generally want to keep the host value in inputs.conf unique to represent the host of the individual machine so we can distinguish between hosts in search language.

0 Karma
Reply

sieutruc
Contributor
‎09-14-2012 07:52 AM

So do you know how to set automatically host in inputs.conf as clientName that i set for the deployment client ?

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...