Splunk Enterprise Security

How can i set unique hostname on Splunk Windows Forwarder?

Explorer

Hi Guys,

Need help on this... Currently, we have ongoing integration of Splunk forwarder to Deployment Server the issue was some of the servers has the same hostname. Is there a way we can set the hostname uniquely without editing the hostname/computer name on Operating System?

As far as I know, in Splunk Forwarder Windows the default hostname will be the Computername. In Linux, by changing the inputs.conf and server.conf of hostname configuration it was working properly the way you inputted the hostname on that configuration file. Is there any workaround to reflect the hostname correctly on deployment server and indexing without editing the hostname on OS level?

Any suggestion/help would be greatly appreciated. Thank you

0 Karma

SplunkTrust
SplunkTrust

Hi @Oracle,

As you can see in the link below you can change the hostname either via CLI or config file :
https://answers.splunk.com/answers/154999/how-can-i-change-the-default-hostname-in-splunk.html

If you need to change the name in order to be able to manage your server more easily from the deployment server I advise you to use the following configuration which can be deployed from an app onto your forwarders :

clientName = deploymentClient
* Defaults to deploymentClient.
* A name that the deployment server can filter on.
* Takes precedence over DNS names.

As shown here :
https://docs.splunk.com/Documentation/Splunk/7.2.6/Admin/Deploymentclientconf#.5Bdeployment-client.5...

Cheers,
David

0 Karma

Influencer

You can set deployment client name in you forwarders deploymentclient.conf and use it in "Include (whitelist)" field on deployment server.

[deployment-client]
clientName = deploymentClient
* Defaults to deploymentClient.
* A name that the deployment server can filter on.
* Takes precedence over DNS names.
0 Karma