Splunk Dev
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to fix incorrect Instance name after change hostname?

krzysztofz
New Member
‎06-07-2017 06:28 AM

I have problem with change instance name in Splunk.

In conf files serverName variable is change to new hostname and splunk is restarted.

Everything is ok, but in, for ex. "Resource Usage: Instance" in "Instance" drop down list i see old hostname.

I try to find this in all Splunk files (db too) and find it only in \var\lib\splunk\kvstore\mongo\local.0 file.

What can i do to fix this problem?

Tags (1)
0 Karma
Reply

willsy
Communicator
‎09-15-2022 01:58 PM

There will be four places in linux that this could be. These are;

/etc/hostname
/SPLUNK_HOME/etc/system/local/server.conf
/SPLUNK_HOME/etc/system/local/inputs.conf
/SPLUNK_HOME/etc/system/local/deploymentclient.conf

server.conf 
[general]
serverName = whatever

inputs.conf
host = whatever

deploymentclient.conf
[deployment-client]
clientName = whatever

0 Karma
Reply

krzysztofz
New Member
‎06-07-2017 03:11 PM

I already edit this files.

But, i fix this problem in other way...

In Settings > General Setup i edit Instance (Actions > Edit > Edit Server Roles) and for ex. KV Store for a while.

After this in Resource Usage etc. i see correct Instance name and stats display correctly now (before fix not).

0 Karma
Reply

yannK
Splunk Employee
Splunk Employee
‎06-07-2017 12:38 PM

if you change the hostname, you may want to edit the splunk configurations to update it.

in $SPLUNK_HOME/etc/system/local/inputs.conf
the default stanza used for all inputs
check for host=something setting that may be the old hostname

in $SPLUNK_HOME/etc/system/local/server.conf
there is a hostname setting, used for the server name (for deployment client, or metrics)

Reply

adonio
Ultra Champion
‎06-07-2017 07:46 AM

try in etc/system/local/inputs.conf
change the host = oldName to newName
hope it helps

0 Karma
Reply
Get Updates on the Splunk Community!

Fall Into Learning with New Splunk Education Courses

Every month, Splunk Education releases new courses to help you branch out, strengthen your data science roots, ...

Super Optimize your Splunk Stats Searches: Unlocking the Power of tstats, TERM, and ...

By Martin Hettervik, Senior Consultant and Team Leader at Accelerate at Iver, Splunk MVPThe stats command is ...

How Splunk Observability Cloud Prevented a Major Payment Crisis in Minutes

Your bank's payment processing system is humming along during a busy afternoon, handling millions in hourly ...