I used the variable "$COMPUTERNAME" in my app's inputs.conf file. For all the PCs that got it, it's reporting their computer name, as expected. The only one that's a problem is my computer. For a while, I wasn't seeing any data for it. That's until I realized, it was sending data under the host $COMPUTERNAME. I ran "splunk show servername" and it shows the right host name.
By not specifying a host value, Splunk UF will automatically send the correct hostname.
By not specifying a host value, Splunk UF will automatically send the correct hostname.
When Splunk starts up for the first time, it writes a new inputs.conf in the $SPLUNK_HOME/etc/system/local subdirectory. This inputs.conf contains just a [default] section like you've described above, with the host set to the "discovered" name of the system. If you are looking to create a system image:
http://docs.splunk.com/Documentation/Splunk/6.5.0/Admin/Integrateauniversalforwarderontoasystemimage
I'm not actually trying to create a system image (although I might in the future). I simply created an app on the Splunk server, and deployed it to existing clients. Clients are only referencing the app, not the /etc/system/local conf (that's my intention anyway). Since this is going out automatically, the hostname needs to be a variable. This worked for all laptops except one (my own).