Solved: get host from fileshare

nurtdi · ‎11-21-2011

Hello,
I have multiple inputs.conf entries
...
[monitor://\\server1\share$\mylog.log]
sourcetype = MYLOG
index = mylog
host_segment = 1
...
this creates host = share$ on index server...
changing to host_segment = 0 did not work.
how can I get hostname out of fileshare (\\server\share$\log)?

please help.

thank you.

nurtdi · ‎11-22-2011

Thank you for your answer. Although it did not work...
The solution was quite simple - I just needed to use static host = server1 in each stanza.
Thanks.

View solution in original post

nurtdi · ‎11-22-2011

Thank you for your answer. Although it did not work...
The solution was quite simple - I just needed to use static host = server1 in each stanza.
Thanks.

Takajian · ‎11-21-2011

Could you try host_regex like as bellow? It will work for your requirement.

[monitor://xxxxxxxxxxx]
host_regex = (server\d+)

get host from fileshare

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Event Series May & June: From Network Visibility to Service Intelligence

Global Splunk User Group Events: May + June 2026

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Join the Conversation