Getting Data In

Help with setting the hostname path on ~200 servers?

FIS1
Explorer

We are pushing out forwarders to over 200 servers this month. I intend to connect the forwarders to a deployment server and then push out the server.conf file using the below setup.

[general]
serverName = $HOSTNAME

Since there are so many servers I do not want to manually set the hostname for each server. This seems to work, but when I go to edit the inputs.conf file, we have to monitor a server.log file that has the hostname before it.

[monitor:///testarea/host1_server.log]

I have tried setting "host1" to "$HOSTNAME" and "hostname", all of which return the actual we are trying to monitor.

When doing an ls -ltr on /testarea/$HOSTNAME_server.log it returns /testarea/host1_server.log.

Is Splunk able to do this?

0 Karma
1 Solution

jkat54
SplunkTrust

Why wouldn't you just use a wildcard in your monitor stanza?

[monitor:///testarea/*_server.log]
ddrillic
Ultra Champion

You can run during the install process something like the following command -

/opt/splunk/splunkforwarder/bin/splunk set default-hostname <host>
0 Karma

FIS1
Explorer

Thanks jkat54 ... smh, not sure why I was thinking I needed to get hostname for that path, as that is the only file that ends with _server.log.
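
An added example (not from the thread and not Splunk's own code): a Python sketch that splits a wildcarded monitor path into the watched directory plus an anchored whitelist regex, so you can check what [monitor:///testarea/*_server.log] would select before pushing it to 200 hosts. The translation rules (`*` to `[^/]*`, `...` to `.*`), the function names and the sample file list are assumptions constructed for illustration.

```python
import re

# Constructed sample of files on one host (not from the thread).
SAMPLE = [
    "/testarea/host1_server.log",
    "/testarea/host1_server.log.1",
    "/testarea/app_server.log",
    "/testarea/host1_access.log",
    "/testarea/archive/host1_server.log",
]

def split_monitor_path(path):
    """Return (monitored_dir, whitelist_regex); regex is None without wildcards."""
    segments = path.split("/")
    base = []
    for seg in segments:
        if "*" in seg or "..." in seg:
            break
        base.append(seg)
    else:
        return path, None
    # The longest wildcard-free prefix is the directory actually watched.
    base_dir = "/".join(base) or "/"
    rest = "/".join(segments[len(base):])
    out, i = [], 0
    while i < len(rest):
        if rest.startswith("...", i):   # assumed rule: recurse across directories
            out.append(".*")
            i += 3
        elif rest[i] == "*":            # assumed rule: stay inside one path segment
            out.append("[^/]*")
            i += 1
        else:
            out.append(re.escape(rest[i]))
            i += 1
    return base_dir, "^" + re.escape(base_dir.rstrip("/")) + "/" + "".join(out) + "$"

def matched(path, candidates):
    """List the candidate files the monitor path would select, in input order."""
    base_dir, regex = split_monitor_path(path)
    if regex is None:  # literal file, or a directory monitored recursively
        prefix = path.rstrip("/") + "/"
        return [c for c in candidates if c == path or c.startswith(prefix)]
    return [c for c in candidates if re.search(regex, c)]

if __name__ == "__main__":
    for stanza in ("/testarea/host1_server.log", "/testarea/*_server.log"):
        print(stanza, "->", matched(stanza, SAMPLE))
```

In the constructed sample the wildcard also selects app_server.log, so the stanza collects only the intended file when, as FIS1 confirms for these servers, a single file in the directory ends with _server.log.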
