Solved: get host from fileshare

nurtdi · ‎11-21-2011

Hello,
I have multiple inputs.conf entries
...
[monitor://\\server1\share$\mylog.log]
sourcetype = MYLOG
index = mylog
host_segment = 1
...
this creates host = share$ on index server...
changing to host_segment = 0 did not work.
how can I get hostname out of fileshare (\\server\share$\log)?

please help.

thank you.

nurtdi · ‎11-22-2011

Thank you for your answer. Although it did not work...
The solution was quite simple - I just needed to use static host = server1 in each stanza.
Thanks.

View solution in original post

nurtdi · ‎11-22-2011

Thank you for your answer. Although it did not work...
The solution was quite simple - I just needed to use static host = server1 in each stanza.
Thanks.

Takajian · ‎11-21-2011

Could you try host_regex like as bellow? It will work for your requirement.

[monitor://xxxxxxxxxxx]
host_regex = (server\d+)

get host from fileshare

Faster Insights with AI, Streamlined Cloud-Native Operations, and More New Lantern ...

Splunk Enterprise Security: Your Command Center for PCI DSS Compliance

Developer Spotlight with Guilhem Marchand

Join the Conversation

get host from fileshare

Faster Insights with AI, Streamlined Cloud-Native Operations, and More New Lantern ...

Splunk Enterprise Security: Your Command Center for PCI DSS Compliance

Developer Spotlight with Guilhem Marchand