This documentation does not apply to the most recent version of Splunk.
This documentation applies to the following versions of Splunk: 3.3 , 3.3.1 , 3.3.2 , 3.3.3 , 3.3.4 , 3.4 , 3.4.1 , 3.4.2 , 3.4.3 , 3.4.5 , 3.4.6 , 3.4.8 , 3.4.9 , 3.4.10 , 3.4.11 , 3.4.12 , 3.4.13
The host value of an event is the hostname or IP address of the network host which originated the event. When Splunk is running on the server where the event occurred the assignment of host is straight forward. The default name is the host of the Splunk server. Host is added as a tag to all events in Splunk's index.
Change the default host value via Splunk Web. Click on the Admin button in the upper right hand corner. Select Server: View Settings. Change the Default host name under the Datastore section. This sets the host tag for all events that don't receive any other host name.
This host assignment is written in inputs.conf during installation. Modify the host entry by editing $SPLUNK_HOME/etc/system/local/inputs.conf.
This is the format of the host assignment in inputs.conf:
host = <string>
* This is a shortcut for MetaData:Host = <string>. It sets the host of
events from this input to be the specified string. "host::" is
automatically prepended to the value when this shortcut is used.
Set your own host value by changing the entry for <string>.