Getting Data In

clientName vs host name question ?

sieutruc
Contributor

Hello,

I get confused between clientName (in deploymentclient.conf) and host (in inputs.conf).
Can i use clientName instead of host when sending data to the receiver ? is clientName set as host of the events that will be indexed at indexer ?

Because i have to filter the client machine according to each kind of Windows , so i name each of such kind as client[WinsVersion]. i set clientName like that to register with deployment server. Now for routing these events, how can i use clientName as host of those machines ?

Tags (1)

bwooden
Splunk Employee
Splunk Employee

When a deployment server receives a request from a deployment client, it will attempt to place it in one or more serverclasses by evaluating this information in the following order (machine types are also evaluated, but we'll ignore that for purposes of this conversation)

  1. clientName (attribute from client's deploymentclient.conf)
  2. ip address
  3. host name (as determined via dns)
  4. host name (as determined by client)

The host value in inputs.conf does not come into play here.

The default value of clientName in deploymentclient.conf is deploymentClient. If you're overriding that with a custom choice, you can reference that value in the serverclass.conf of your deployment server's whitelists and blacklists.

bwooden
Splunk Employee
Splunk Employee

You can push configurations to those clients by building apps in deployment-apps and assigning them to a serverClass matching your clientName. It would be undesirable to update host name in inputs.conf for this purpose (and would not affect deployment server evaluation as the hostname reported is not pulled from inputs.conf). We generally want to keep the host value in inputs.conf unique to represent the host of the individual machine so we can distinguish between hosts in search language.

0 Karma

sieutruc
Contributor

So do you know how to set automatically host in inputs.conf as clientName that i set for the deployment client ?

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...