When polling the server the host is reported as "localhost". Is there anyway to rename this? Perhaps with a lookup or some other method?
::$SPLUNKHOME/etc/system/local/inputs.conf
[default]
host = <hostname>
::$SPLUNKHOME/etc/system/local/server.conf
[general]
serverName = <hostname>
pass4SymmKey = $1$foobar
Check the above files and make sure they have the hostname you would like. If you are running on a NIX platform, also check the /etc/hostname file.
This is in reference to the remote Azure server itself, rather than the Splunk server.
Jack,
Sorry for the misunderstanding.
When you say remote Azure server, you mean the instance in which you have deployed the Azure Add-On?
If you are talking about the Add-On, then the files I mentioned above are configuration files you would find on the Splunk Universal Forwarder