Splunk Enterprise Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How can i set unique hostname on Splunk Windows Forwarder?

Oracle
Explorer
‎05-19-2019 08:44 PM

Hi Guys,

Need help on this... Currently, we have ongoing integration of Splunk forwarder to Deployment Server the issue was some of the servers has the same hostname. Is there a way we can set the hostname uniquely without editing the hostname/computer name on Operating System?

As far as I know, in Splunk Forwarder Windows the default hostname will be the Computername. In Linux, by changing the inputs.conf and server.conf of hostname configuration it was working properly the way you inputted the hostname on that configuration file. Is there any workaround to reflect the hostname correctly on deployment server and indexing without editing the hostname on OS level?

Any suggestion/help would be greatly appreciated. Thank you

0 Karma
Reply

DavidHourani
Super Champion
‎05-19-2019 11:48 PM

Hi @Oracle,

As you can see in the link below you can change the hostname either via CLI or config file :
https://answers.splunk.com/answers/154999/how-can-i-change-the-default-hostname-in-splunk.html

If you need to change the name in order to be able to manage your server more easily from the deployment server I advise you to use the following configuration which can be deployed from an app onto your forwarders : 

clientName = deploymentClient
* Defaults to deploymentClient.
* A name that the deployment server can filter on.
* Takes precedence over DNS names.

As shown here :
https://docs.splunk.com/Documentation/Splunk/7.2.6/Admin/Deploymentclientconf#.5Bdeployment-client.5...

Cheers,
David

0 Karma
Reply

manjunathmeti
Champion
‎05-19-2019 11:40 PM

You can set deployment client name in you forwarders deploymentclient.conf and use it in "Include (whitelist)" field on deployment server.

[deployment-client]
clientName = deploymentClient
* Defaults to deploymentClient.
* A name that the deployment server can filter on.
* Takes precedence over DNS names.
0 Karma
Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...