wrong host

vinchakov_a · ‎05-15-2014

Hello, please help me. I through splunkforwarder try to load a look log:

May 16 03:36:57 corosync [CMAN  ] daemon: sending reply 40000005 to fd 32
May 16 03:36:57 corosync [CMAN  ] daemon: read 20 bytes from fd 32
May 16 03:36:57 corosync [CMAN  ] daemon: client command is 7
May 16 03:36:57 corosync [CMAN  ] daemon: About to process command
May 16 03:36:57 corosync [CMAN  ] memb: command to process is 7
May 16 03:36:57 corosync [CMAN  ] memb: get_all_members: retlen = 880

And splunk changes host name for corosync how to bypass it?

vinchakov_a · ‎05-16-2014

yes, I use syslog sourcetype

splunker12er · ‎05-15-2014

Goto the path -

etc\system\local

Edit the below files :

server.conf

[general]
serverName = 10.x.x.x

inputs.conf

[default]
host = 10.x.x.x

After making the changes restart the splunkforwarder service.
If you early forwarded logs to indexer , delete the indexed data for the specific host.
or check for recent changes

vinchakov_a · ‎05-16-2014

and was, the problem was in sourcetype. thnx

emechler_splunk · ‎05-15-2014

What sourcetype are you assigning? There are built-in sourcetypes (e.g. syslog) that could be overriding the host based on the message content.

linu1988 · ‎05-15-2014

try with you monitor stanza. If the data is already indexed it will not help you anymore. You have to delete the index and re-index the files after clearing the fish bucket at forwarder end.

vinchakov_a · ‎05-15-2014

I tryed^

[default]
host = myname

It not help.

linu1988 · ‎05-15-2014

mention host name for the input in the splunkforwarder.

wrong host

Introducing Splunk Enterprise 9.2

Adoption of RUM and APM at Splunk

Routing logs with Splunk OTel Collector for Kubernetes