Universal Forwader Hostname issues

sreejithpoothu · ‎09-17-2012

I have a universal forwader insatlled on AWS cloud instance.As autoscaling is set,when it met certain conditions,this instance will terminate and new instance will be created.But the issue is that on the new instance inputs.conf showing the old hostname,is there any way for splunk to automatically detect the hostname.Please help.

sreejithpoothu · ‎09-18-2012

we are using splunk version 4.3.2.

sreejithpoothu · ‎09-17-2012

Hi Mario,

When i am doing it manually,hostname not changing.Stopped splunk and removed host entry in inputs.conf and removed guid in server.conf.Then started splunk still splunk not able to populate the hostaname.

MarioM · ‎09-18-2012

is your /etc/hosts and /etc/hostname being updated?

are your able to try with 4.3.4?

sreejithpoothu · ‎09-18-2012

OS in ubuntu12.04

sreejithpoothu · ‎09-18-2012

we are using splunk version 4.3.2.

MarioM · ‎09-17-2012

it should...which version of splunk and OS are you running?

MarioM · ‎09-17-2012

no you will need to do something similar to this similar question : universal-forwarder-on-dhcp-address

Universal Forwader Hostname issues

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

.conf24 | Personalize your .conf experience with Learning Paths!

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...