We have recently moved from having an internally hosted Splunk setup to Splunk Cloud. Before the move to the cloud, all of our logs sent to syslog-ng kept the correct host information. Now, though, we have lost this and only see the syslog server as the host. All of the syslog-ng settings are the same, but the change is that we have added a Heavy Forwarder to act as a central spot to send all logs through.
We really would like to keep the original host information if we could. Is this possible with this setup, and if so, what config needs to change on the Heavy Forwarder?
Thanks