syslog has info from local and remote machines
the *nix app is fixed by host= entry
but the same host writes things to syslog, and other nodes write to syslog through syslogd; these entries don't have the domain, for example,
Aug 12 14:20:06 xen00 last message repeated 3 times
This doesn't have the domain name, so the same machine, from different SplunkLightForwarders in different locations, will be indexed under the same hostname.
I want Splunk in each location to add a domain name to the hostname it sees in syslog.