This is a feature request.
With Enterprise Security and ITSI both providing their own means of assigning aliases to hosts, I'm wondering if a built-in asset database in Splunk Enterprise is being considered?
It doesn't have to support lots of metadata fields or try to do what a CMDB does, but merely return all events from host1 independent on whether I search for host=host1, host=host1.example.com or host=vanity-name.
There are multiple ways to do this today, such as using lookups or tags, but none of these methods are transparent to the end user doing the search.
If this was in Core Splunk other apps could automatically leverage this functionality.
↧