Getting Data In

hostname in inputs.conf

heterodyned
Path Finder

Is there anyway I could verify if there is any variable which could be used to extract hostname for inputs.conf? instead of explicitly mentioning hostname, I need to push the input.conf file to a set of systems...

0 Karma
1 Solution

ftk
Motivator

hostname is defined in the $SPLUNKHOME/etc/system/local/inputs.conf. If you want to push out a standard inputs.conf to multiple splunk instances you have a few options:

  1. Use a deployment server, creating a new app with your inputs.conf to be shipped out. A little bit up front setup time, but easy to manage many hosts. http://www.splunk.com/base/Documentation/latest/Admin/Aboutdeploymentserver
  2. If you want to manually (or via script) do this, simply place the inputs.conf into $SPLUNKHOME/etc/apps/search/local. The inputs.conf at this location does not define the hostname, so you don't have to worry about overwriting it by accident or setting it yourself.

Take a look at the configuration file reference in the documentation, this should make a lot more sense then. http://www.splunk.com/base/Documentation/latest/Admin/Wheretofindtheconfigurationfiles

View solution in original post

ftk
Motivator

hostname is defined in the $SPLUNKHOME/etc/system/local/inputs.conf. If you want to push out a standard inputs.conf to multiple splunk instances you have a few options:

  1. Use a deployment server, creating a new app with your inputs.conf to be shipped out. A little bit up front setup time, but easy to manage many hosts. http://www.splunk.com/base/Documentation/latest/Admin/Aboutdeploymentserver
  2. If you want to manually (or via script) do this, simply place the inputs.conf into $SPLUNKHOME/etc/apps/search/local. The inputs.conf at this location does not define the hostname, so you don't have to worry about overwriting it by accident or setting it yourself.

Take a look at the configuration file reference in the documentation, this should make a lot more sense then. http://www.splunk.com/base/Documentation/latest/Admin/Wheretofindtheconfigurationfiles

heterodyned
Path Finder

thank you so much, i think this is what i was looking for, i am going to be working to use this feature for scaling the updated conf files...

0 Karma

gkanapathy
Splunk Employee
Splunk Employee

Well. In a standard install, the first time Splunk is run, it executes hostname and puts the result into $SPLUNK_HOME/etc/system/local/inputs.conf as the default hostname. That is what will be used for all inputs from this local machine unless otherwise specified or overridden. If that doesn't work for you then, at least as of 4.1.2, you'll have to figure out a way to regenerate the value in that file separately from any Splunk functionality.

heterodyned
Path Finder

By default it is taking the IP of that system, although the fqdn is ssomething like : abcd.xyz.com, is there anyway I should be overwriting the hostname, like some default variable..

0 Karma
Get Updates on the Splunk Community!

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...