Hi all,
New to Splunk here. I have configured 100 servers to send syslog data. I did this by using Puppet to install the universal forwarder and set the deployment server address to my Splunk server; then, in Splunk, I built an app to send syslog data back (using inputs.conf and outputs.conf). The app gets deployed.
I now have syslog data in my Splunk install!
However, given some history on some of these servers, I am getting multiple hostnames per server (mostly abc and abc.domain.com).
Can I configure Splunk to overwrite the hostname from the logs?
In inputs.conf I tried to add
host=
However, that did not seem to work.
Hi There,
Check this out, here's the answer to your question: https://answers.splunk.com/answers/45899/how-can-i-use-the-fully-qualified-domain-name-fqdn-as-the-h...
Enjoy!
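
For the abc / abc.domain.com duplication described in the question, an index-time host rewrite is one way to get a single name per server. This is an added example, not configuration from the thread or the linked answer; the stanza name strip_host_domain, the class name zz_short_host and the choice to keep the short name are assumptions, and it assumes the events carry the syslog sourcetype.

```ini
# ---- props.conf (parsing tier: indexer or heavy forwarder) ----
[syslog]
# Class name is an assumption; it is chosen to sort after the default
# syslog host extraction so the rewrite sees the host taken from the event.
TRANSFORMS-zz_short_host = strip_host_domain

# ---- transforms.conf (same app, same tier) ----
[strip_host_domain]
# Read the host metadata field, whose value is stored as "host::<name>".
SOURCE_KEY = MetaData:Host
# Capture the first DNS label. The negative lookahead skips dotted-quad
# IPv4 addresses so "10.1.2.3" is not truncated to "10".
REGEX = ^host::(?!\d{1,3}(?:\.\d{1,3}){3}$)([^.]+)\.
# Write the short name back: abc.domain.com becomes abc, abc is untouched.
DEST_KEY = MetaData:Host
FORMAT = host::$1
```

Universal forwarders do not parse events, so these stanzas take effect only where parsing happens, and only for data indexed after the change. Events already indexed keep the host value they were stored with.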