Hi everyone.
I am using a Splunk Enterprise environment with one Master and two peer nodes in a cluster.
I set this inputs.conf configuration on my Master:
[udp://192.168.0.200:10514]
connection_host = none
host = lnxsyslogclient
source = syslog_d
sourcetype = syslog
index = linux-syslog
The syslog source host is sending data correctly; the master receives the data and sends it to the indexers correctly.
The only thing that is not working is that, in my search, I still see host=ip address (host=192.168.0.200).
If I send the data using a Universal Forwarder on the source, and set inputs.conf on the source host, the host is set correctly.
Any clues?
Thanks in advance.
Fabio N.