Splunk Enterprise Security
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How can i set unique hostname on Splunk Windows Forwarder?

Oracle
Explorer
‎05-19-2019 08:44 PM

Hi Guys,

Need help on this... Currently, we have ongoing integration of Splunk forwarder to Deployment Server the issue was some of the servers has the same hostname. Is there a way we can set the hostname uniquely without editing the hostname/computer name on Operating System?

As far as I know, in Splunk Forwarder Windows the default hostname will be the Computername. In Linux, by changing the inputs.conf and server.conf of hostname configuration it was working properly the way you inputted the hostname on that configuration file. Is there any workaround to reflect the hostname correctly on deployment server and indexing without editing the hostname on OS level?

Any suggestion/help would be greatly appreciated. Thank you

0 Karma
Reply

DavidHourani
Super Champion
‎05-19-2019 11:48 PM

Hi @Oracle,

As you can see in the link below you can change the hostname either via CLI or config file :
https://answers.splunk.com/answers/154999/how-can-i-change-the-default-hostname-in-splunk.html

If you need to change the name in order to be able to manage your server more easily from the deployment server I advise you to use the following configuration which can be deployed from an app onto your forwarders : 

clientName = deploymentClient
* Defaults to deploymentClient.
* A name that the deployment server can filter on.
* Takes precedence over DNS names.

As shown here :
https://docs.splunk.com/Documentation/Splunk/7.2.6/Admin/Deploymentclientconf#.5Bdeployment-client.5...

Cheers,
David

0 Karma
Reply

manjunathmeti
Champion
‎05-19-2019 11:40 PM

You can set deployment client name in you forwarders deploymentclient.conf and use it in "Include (whitelist)" field on deployment server.

[deployment-client]
clientName = deploymentClient
* Defaults to deploymentClient.
* A name that the deployment server can filter on.
* Takes precedence over DNS names.
0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...