ONTAP Discussions

Syslog into Splunk, the host field contains the intercluster LIFs


I'm starting to use Splunk to ingest, amongst other things, syslog from a number of FAS systems, running cDOT 9.1P5 atm.


As such, it works and I'm able to index and search the syslog data in Splunk. I'm still learning, but I noticed that the field "host" in Splunk resolves to the two Intercluster LIFs I have configured for SnapMirror/Vault replication to another FAS.


I'd very much prefer if the host field was the cluster management LIF, or the node management LIFs.


Anyone with experience with the Splunk integration? I've not examined the raw syslog data yet; I've installed the Splunk Add-On for NetApp to get the "ontap:syslog" sourcetype and, as I mentioned, I can see the basic flow of syslog data coming in.
