Getting Data In

Help with setting the hostname path on ~200 servers?

FIS1
Explorer

We are pushing out forwarders to over 200 servers this month. I intend to connect the forwarders to a deployment server and then push out the server.conf file using the below setup.

[general]
serverName = $HOSTNAME

Since there are so many servers I do not want to manually set the hostname for each server. This seems to work but when I got to edit the inputs.conf file we have to monitor a server.log file that has the hostname before it.

[monitor:///testarea/host1_server.log]

I have tried setting "host1" to "$HOSTNAME" and "hostname". All which return the actual we are trying to monitor

When doing a ls -ltr on /testarea/$HOSTNAME_server.log it returns /testarea/host1_server.log.

Is Splunk able to do this?

0 Karma
1 Solution

jkat54
SplunkTrust
SplunkTrust

Why wouldnt you just use a wildcard in your monitor stanza?

[monitor:///testarea/*_server.log]

View solution in original post

ddrillic
Ultra Champion

You can run during the install process something like the following command -

/opt/splunk/splunkforwarder/bin/splunk set default-hostname <host>
0 Karma

jkat54
SplunkTrust
SplunkTrust

Why wouldnt you just use a wildcard in your monitor stanza?

[monitor:///testarea/*_server.log]

FIS1
Explorer

Thanks jkat54 ... smh not sure why i was thinking i needed to get hostname for that path as that is the only file that ends with _server.log.

Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...