Working out a talker's real name is one of the most frustrating problems in syslog eventing, and the most frustrating in analytics. For far too long the choice has been to use the device's name OR reverse DNS, but never both. Today SC4S 1.20.0 solves this problem by doing what you would do!
- If the device has a host name in the event, use that.
- Else, if our management/CMDB solution knows the right name, use that instead.
- Else, maybe someone updated DNS, so try that instead.
Simple, logical, easy to understand, and available now in Splunk Connect for Syslog. No more of this
Plenty more like this
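The fallback order in the list above, sketched in Python as an added example; this is not SC4S's own code or configuration. The function names, the RFC 3164 regex, the CMDB dictionary and the sample messages are all assumptions constructed for illustration, as are two choices the post does not state: a host field that holds only an IP address is treated as "no host name", and the source IP is used when every lookup fails.

```python
import ipaddress
import re
import socket

# RFC 3164 style header: <PRI>Mmm dd hh:mm:ss HOST message
RFC3164 = re.compile(r"^<\d{1,3}>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2} (\S+) ")

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def event_host(message):
    """Host field from the event, or None if absent or only an IP address."""
    m = RFC3164.match(message)
    if not m:
        return None
    host = m.group(1)
    return None if is_ip(host) else host

def reverse_dns(source_ip):
    """PTR lookup; returns None when DNS has no answer."""
    try:
        return socket.gethostbyaddr(source_ip)[0]
    except OSError:
        return None

def resolve_host(message, source_ip, cmdb, ptr_lookup=reverse_dns):
    """Return (name, origin), trying event, then CMDB, then DNS, in that order."""
    name = event_host(message)
    if name:
        return name, "event"
    name = cmdb.get(source_ip)      # CMDB keyed by the sender's IP (assumption)
    if name:
        return name, "cmdb"
    name = ptr_lookup(source_ip)
    if name:
        return name, "dns"
    return source_ip, "source_ip"   # last resort, not part of the post's list

# Constructed sample data (documentation address range, made-up names)
SAMPLE_CMDB = {"192.0.2.10": "fw-edge-01"}
WITH_HOST = "<134>Oct  3 14:02:11 core-sw-7 %LINK-3-UPDOWN: Interface up"
IP_AS_HOST = "<134>Oct  3 14:02:11 192.0.2.10 %ASA-6-302013: Built connection"
NO_HEADER = "%ASA-6-302013: Built connection"
```

Recording the origin alongside the name lets analysts see which events carried a self-reported name and which were named from the CMDB or DNS.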