Hello,
We are currently in the process of moving some of our hosts from Solaris to Windows. These hosts are part of Veritas clusters.
Currently, the Solaris hosts report the Veritas cluster name via the Universal Forwarder. We'd like to mimic this behavior within the Windows environment.
I've attempted multiple things, including updating the host entry within the inputs.conf file, to no avail. Splunk continues to report the physical host name of the server that the processes are running on.
Any idea how to hard code the host name that is reported to our aggregation server via the Universal Forwarder?
Thanks!
↧