Hello,
I deployed a Splunk APP that listens to TCP in port 7001, protocol starts with the following code:
inputs.conf:
tcp:7001]
index = metrics
sourcetype = statsd
And I have in \splunk-forwarder\etc\system\local\inputs.conf the following definition:
[default]
host = myhostname
index = prod
The index value is correctly overwritten. :)
The problem happens when I am searching for mstats, the value for the host is 127.0.0.1,
which is the IP where I am sending my metrics with powershell.
I can't understand why the value host = myhostname is overwritten, I have no definition of this field in the Splunk APP deployed.
Can someone help me?
↧