Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

clientName vs host name question ?

sieutruc
Contributor
‎09-14-2012 07:19 AM

Hello,

I get confused between clientName (in deploymentclient.conf) and host (in inputs.conf).
Can i use clientName instead of host when sending data to the receiver ? is clientName set as host of the events that will be indexed at indexer ?

Because i have to filter the client machine according to each kind of Windows , so i name each of such kind as client[WinsVersion]. i set clientName like that to register with deployment server. Now for routing these events, how can i use clientName as host of those machines ?

Tags (1)
Reply

bwooden
Splunk Employee
Splunk Employee
‎09-14-2012 07:40 AM

When a deployment server receives a request from a deployment client, it will attempt to place it in one or more serverclasses by evaluating this information in the following order (machine types are also evaluated, but we'll ignore that for purposes of this conversation)

  1. clientName (attribute from client's deploymentclient.conf)
  2. ip address
  3. host name (as determined via dns)
  4. host name (as determined by client)

The host value in inputs.conf does not come into play here.

The default value of clientName in deploymentclient.conf is deploymentClient. If you're overriding that with a custom choice, you can reference that value in the serverclass.conf of your deployment server's whitelists and blacklists.

Reply

bwooden
Splunk Employee
Splunk Employee
‎09-14-2012 08:00 AM

You can push configurations to those clients by building apps in deployment-apps and assigning them to a serverClass matching your clientName. It would be undesirable to update host name in inputs.conf for this purpose (and would not affect deployment server evaluation as the hostname reported is not pulled from inputs.conf). We generally want to keep the host value in inputs.conf unique to represent the host of the individual machine so we can distinguish between hosts in search language.

0 Karma
Reply

sieutruc
Contributor
‎09-14-2012 07:52 AM

So do you know how to set automatically host in inputs.conf as clientName that i set for the deployment client ?

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...