×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
prusconi
New Member
Member since: ‎02-08-2026
‎03-05-2026
Community Statistics
Posts 1
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎02-08-2026
Activity Feed
View All

Change Universal Forwarder host/servername

by in Deployment Architecture
‎03-05-2026 08:31 AM
‎03-05-2026 08:31 AM
Hi, I work with a distributed Splunk Enterprise architecture and I am trying to update how some Universal Forwarder show themselves while sending data and while they communicate with the Deployment Server. In order to do this I: created an inputs.conf in /etc/system/local with a stanza contianing the config: [default] host=NEWSERVERNAME updated in the server.conf in /etc/system/local: [general] serverName = NEWSERVERNAME I also delete the instance.cfg in order to make Splunk create a new GUID during the restart of service. What happened: The UF started sending data and the host field shows NEWSERVERNAME as expected The UF is not able to communicate with the Deployment Server. I looked into the internal logs of the UF and I found that when it performs the Phonehome: Running phone uri=[...]_OLDSERVERNAME_NEWGUID So it sees the new GUID but it tries to present itself to the Deployment Server with its old servername.  Where does the UF still find the old servername?  Thanks! ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎03-05-2026 08:20 AM