It is awesome that they built this into version 6.2+!
I tried it, but with no luck. What I would like to get is the IP address of the Splunk UF associated with an event.
We have a ton of events coming from cloud hosts which have artificial hostnames that we have created and assigned in the inputs.conf. So I can't use the "host" value in Splunk for a reverse lookup.
What I really want to reveal is the IP associated with the Splunk UF agent for each event.
I can see these IP addresses in the Deployment Server view, but they are lost in my search head view.
Any suggestions?