Hi All,

I have a scenario where there are many servers having the same hostname due to some requirements of the applications running on them. The Splunk universal forwarder agent has been successfully deployed on all of them, and the inputs.conf and outputs.conf have been manually configured there. These are Windows servers.

It's very difficult to manage all of these servers manually by editing the inputs.conf, so what I'm trying to do is manage them centrally via the Deployment Server. However, after the deploymentclient.conf file has been configured there, all of the servers are not showing up on the Deployment Server because of them having the same hostname. I get one entry against the hostname on the Deployment Server.

My question is: what changes do I need to make so that all of them report successfully on the Deployment Server? I've been thinking of pushing a deploymentclient.conf file via the Deployment Server with the clientName value set to $HOSTNAME-$IPADDRESS. Is this possible? What other environment variable can I use other than $HOSTNAME to make the clientName unique?

Lastly, when the logs are being received in Splunk, the host value that shows up there has been manually set for each server in the inputs.conf file with HOSTNAME-IP Address, so when I remove the manual configurations and push the inputs.conf via the Deployment Server, will host = $HOSTNAME-$IPADDRESS work?

Thank you.