Host name issue on new installations
The following issue pertains to the name of the Splunk system in 4.3. It applies only to new installations of 4.3. Direct upgrades are not affected.
Splunk server instance name for a new (not upgraded) 4.3 installation
A new installation of Splunk 4.3 will use a different Splunk instance name from new installations of 4.2.3 or earlier.
This value is exposed as
splunk_server in search, and it is used in distributed search to identify each node, which has server-to-server authentication implications for distributed search.
You might see that the value of
splunk_server is capitalized on Windows, or looks like
hostname-root on UNIX.
- On Windows, Splunk uses %COMPUTERNAME% for the internal instance name.
- On UNIX, Splunk uses $HOSTNAME.
If you are in a distributed search environment, this is important because you might have searches which select where to run based on the value of the
splunk_server field or use the value of
splunk_server to report on your data.
Splunk Enterprise and anti-virus products
Workaround for SSL configuration for users of Firefox 3
This documentation applies to the following versions of Splunk® Enterprise: 4.3, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.3.6, 4.3.7