We installed and got Citrix Netscaler with Appflow working in our Splunk Cloud instance. The Netscalers are sending data to heavy forwarders. The heavy forwarder has the TA installed for both Netscaler and Appflow and we are receiving data. The problem is that some hosts are showing under the name of the heavy forwarder instead of the host name and other hosts show as "ns" instead of the hostname. I unremarked the "connection_host = dns" part, but the issue persists. Any ideas?
↧