We have a report that provides a nightly email alert with inline results for every successful backup event.
Ever since we upgraded to 4.1 from 4.x, the reports are showing the IP address instead of the hostname.
Did something change in 4.1? And how can I fix this?
i'm assuming the data is syslog directly to a Splunk UDP port, and it's because by default we don't resolve IP addresses on a UDP port any more. connection_host in inputs.conf will reset it though.
View solution in original post
Yes, thank you for the answer!
Are you using an udp input?
Try adding connection_host = dns to your UDP input stanza.
connection_host = dns
See the following post: Lookups - using them to replace the host field