UF to send both Hostname and IP Address as metadata. Currently either IP or hostname is supported as host field

SunilkumarG
Engager

We can have either an IP address or a hostname for the host field; both are not supported yet. The config highlighted below in inputs.conf will force the host to be set to the IP address:

host = localhost

connection_host = ip

We tried to explore the _meta field coming from the UF. If we can make that dynamic to support variables, then we can have both IP and hostname.

This would be similar to the $decideOnStartup functionality for the host field, but more flexible.

Has anyone been able to send both IP and hostname dynamically for indexing through the UF?

For example:

$hostname$ will yield the hostname. As used with inputs.conf, it would be:

[default]

_meta = splunk_forwarder::$hostname$
