All,
Building my Assets.csv file for ES. Just curious about the nt_host field. Is this required? For example with my Linux hosts so I need to go ahead and still fill it out with the Linux server name? Harmful to do so? Harmful to not?
...a million years later....
Here Splunk says that one of the fields ( ip | mac | nt_host | dns) is required. So I believe as long as you have ONE of the other fields nt_hosts isn't required. With that being said I have the same question. It sounds like this will function but would it hurt to put the Linux server's hostnames there for reference?
http://docs.splunk.com/Documentation/ES/4.7.0/Admin/Formatassetoridentitylist#Asset_lookup_header
We have ours populated with nix hosts. Not harmful at all.