Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

wrong host

vinchakov_a
Path Finder
‎05-15-2014 09:01 PM

Hello, please help me. I through splunkforwarder try to load a look log:

May 16 03:36:57 corosync [CMAN  ] daemon: sending reply 40000005 to fd 32
May 16 03:36:57 corosync [CMAN  ] daemon: read 20 bytes from fd 32
May 16 03:36:57 corosync [CMAN  ] daemon: client command is 7
May 16 03:36:57 corosync [CMAN  ] daemon: About to process command
May 16 03:36:57 corosync [CMAN  ] memb: command to process is 7
May 16 03:36:57 corosync [CMAN  ] memb: get_all_members: retlen = 880

And splunk changes host name for corosync how to bypass it?

Tags (2)
0 Karma
Reply

vinchakov_a
Path Finder
‎05-16-2014 12:36 AM

yes, I use syslog sourcetype

0 Karma
Reply

splunker12er
Motivator
‎05-15-2014 11:58 PM

Goto the path -

etc\system\local

Edit the below files :

server.conf

[general]
serverName = 10.x.x.x

inputs.conf

[default]
host = 10.x.x.x

After making the changes restart the splunkforwarder service.
If you early forwarded logs to indexer , delete the indexed data for the specific host.
or check for recent changes

0 Karma
Reply

vinchakov_a
Path Finder
‎05-16-2014 12:55 AM

and was, the problem was in sourcetype. thnx

0 Karma
Reply

emechler_splunk
Splunk Employee
Splunk Employee
‎05-15-2014 11:40 PM

What sourcetype are you assigning? There are built-in sourcetypes (e.g. syslog) that could be overriding the host based on the message content.

Reply

linu1988
Champion
‎05-15-2014 11:10 PM

try with you monitor stanza. If the data is already indexed it will not help you anymore. You have to delete the index and re-index the files after clearing the fish bucket at forwarder end.

0 Karma
Reply

vinchakov_a
Path Finder
‎05-15-2014 09:48 PM

I tryed^ 

[default]
host = myname

It not help.

0 Karma
Reply

linu1988
Champion
‎05-15-2014 09:14 PM

mention host name for the input in the splunkforwarder.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...