Hi,
We have a Splunk system set up. When we log into splunk and go to the search dashboard, all the sources appear with the IP and port eg: 10.12.34.56:1001
We would like to be able to see a more descriptive representation of the url, rather than the IP e.g. Application Server 1
We know this can be achieved by setting the source = "Application Server 1" in inputs.conf. However, when we do so, all the logs which are already indexed do not appear under Application Server 1 but they remain under 10.12.34.56:1001.
Is there a way how to change the source of the logs which are already received?
Thanks
Simon
... View more