Quantcast
Channel: Questions in topic: "splunk-enterprise"
Viewing all articles
Browse latest Browse all 47296

when set no_priority_stripping = true the host change

$
0
0
Hi, when I set no_priority_stripping = true the host change from IP Address to Host name when performing a search in splunk. Example Host="10.10.10.170" to Host="ABC-DEVICE" Before set no_priority_stripping = true in inputs.conf Below is syslog event send to splunk 2:31:50.000 PM <134> 1 2019-11-15T14:31:50-08:00 ABC-DEVICE server - - [meta sequenceId="13" enterpriseId="2634.1.17.16" vendorId="WTI"] CPM: ABC-DEVICE, (AUDIT LOG) DATE-TIME: 11/15/19 14:31:50 host = ABC-DEVICE source = udp:514 sourcetype = syslog After remove set no_priority_stripping = true from inputs.conf Nov 15 14:07:57 192.168.100.170 1 2019-11-15T14:07:57-08:00 ABC-DEVICE server - - [meta sequenceId="8" enterpriseId="2634.1.17.16" vendorId="WTI"] CPM: ANTHONY-TEST, (AUDIT LOG) DATE-TIME: 11/15/19 14:07:57, host = 10.10.10.170 source = udp:514 sourcetype = syslog Anyone have any idea why Splunk Stripping the IP Address and replace it with the Host name instead.

Viewing all articles
Browse latest Browse all 47296

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>