Splunk Enterprise

Splunk Enterprise Server Change of Domain

ws
Path Finder

Hi,

I would like to request further assistance regarding the following.

If I intend to change the domain of my existing All-in-One Splunk Enterprise server, what are the key areas I should be aware of, and which configuration files need to be updated?

0 Karma
1 Solution

PrewinThomas
Motivator

@ws 

In that case, you mainly need to update these .confs, from what I remember:

- server.conf: Update serverName = splunk.test2.com
- inputs.conf: Update host=splunk.test2.com if it was set with the old name
- web.conf: Update mgmtHostPort if it references the old name
- SSL certs: Regenerate certs with the new hostname if HTTPS is used

Also check network devices configured with this new hostname/IP and update DNS records and firewall rules if applicable.

Regards,
Prewin
Splunk Enthusiast | Always happy to help! If this answer helped you, please consider marking it as the solution or giving a Karma. Thanks!


0 Karma

ws
Path Finder

@PrewinThomas

Thanks for providing the information. I'll take note of it if I'm required to perform the domain change.

But if there happen to be deployment clients connected, I'll need to update the outputs.conf to the new destination, right?

0 Karma

PrewinThomas
Motivator

@ws 

Absolutely. You'll need to update the outputs.conf file on all forwarders that send data to this server.
Additionally, if this server is functioning as a deployment server, make sure to update the deploymentclient.conf file on the relevant clients as well.

You can also consider using a DNS alias approach (depending on your environment) if you anticipate changing hostnames again in the future, without interrupting the forwarders' Splunk confs.

Regards,
Prewin

0 Karma
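
The checks described in the answers above, as an added example (not code from any poster in this thread and not Splunk tooling): a shell audit that lists lines in server.conf, inputs.conf, web.conf, outputs.conf and deploymentclient.conf that still reference the old FQDN, plus a check that a certificate covers the new name. The function names and the sample directory tree are constructed for illustration.

```shell
#!/bin/sh
# Conf file names come from the thread; everything else here is illustrative.
CONF_NAMES="server.conf inputs.conf web.conf outputs.conf deploymentclient.conf"

# Print "path:line:text" for each non-comment line in the listed conf files
# that still mentions the old name. -F matches the dots in the FQDN literally.
find_old_fqdn_refs() {
    etc_dir=$1; old_fqdn=$2
    for name in $CONF_NAMES; do
        find "$etc_dir" -type f -name "$name" \
            -exec grep -HnF -- "$old_fqdn" {} + 2>/dev/null || true
    done | { grep -v -E '^[^:]*:[0-9]+:[[:space:]]*#' || true; } | sort
}

# Return 0 only if the PEM certificate in $1 is valid for hostname $2
# (subject/SAN match), i.e. it was regenerated for the new name.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null \
        | grep -q 'does match certificate'
}

# Build a constructed sample tree (not real Splunk output) for a dry run.
make_sample_etc() {
    d=$(mktemp -d)
    mkdir -p "$d/system/local" "$d/apps/fwd_outputs/local"
    printf '[general]\nserverName = splunk.test1.com\n' \
        > "$d/system/local/server.conf"
    printf '[default]\nhost = splunk.test2.com\n' \
        > "$d/system/local/inputs.conf"
    printf '[settings]\n# was splunk.test1.com:8089\nmgmtHostPort = 127.0.0.1:8089\n' \
        > "$d/system/local/web.conf"
    printf '[tcpout:primary]\nserver = splunk.test1.com:9997\n' \
        > "$d/apps/fwd_outputs/local/outputs.conf"
    printf '%s\n' "$d"
}

# Dry run on the constructed tree; on a real host pass "$SPLUNK_HOME/etc".
sample=$(make_sample_etc)
find_old_fqdn_refs "$sample" "splunk.test1.com"
rm -rf "$sample"
```

Run the same audit on each forwarder's etc directory to catch stale outputs.conf and deploymentclient.conf targets; an empty result means no listed conf file still points at the old name.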

ws
Path Finder

Based on my current understanding, the following:

- The domain name will be changed from splunk.test1.com to splunk.test2.com.

- Splunk is installed on a RHEL (Red Hat Enterprise Linux) operating system.

- Network devices are forwarding data directly to the Splunk All-in-One (AIO) instance.

- There are currently no deployment clients connected.

- No API calls are being utilized at this time.

0 Karma


PrewinThomas
Motivator

@ws 

It will be very helpful if you can share more details on your architecture and setup.

Changing the Windows domain membership affects things like:

- Domain-based authentication (LDAP/SSO)
- Group policies
- Firewall rules, etc.

Changing the FQDN affects:

- Internal hostname resolution
- SSL cert identity
- Forwarder and peer configurations if they reference the FQDN directly
- REST API calls, HEC endpoints, scripted inputs if there are any
- And yes, deployment clients, if they connect to this instance.

Regards,
Prewin

0 Karma

livehybrid
SplunkTrust

Hi @ws 

When you refer to changing the domain, do you mean that this is a Windows AIO Splunk instance and you're changing the domain that the server lives in? Or is it the FQDN of the servername, etc. that you want to change?

Do you have any deployment clients connecting to your Splunk instance? 

Please give us a little more detail about your overall architecture so that I can drill down further.

🌟 Did this answer help you? If so, please consider:

  • Adding karma to show it was useful
  • Marking it as the solution if it resolved your issue
  • Commenting if you need any clarification

Your feedback encourages the volunteers in this community to continue contributing

0 Karma