Usage Of host_segment Attribute In inputs.conf
“host_segment” is the attribute used in inputs.conf to set the host name from the path given in the monitor stanza.
host_segment = <integer>
If <integer> is N, Splunk treats the Nth “/”-separated (on Windows, “\”-separated) segment of the path given in the monitor stanza of inputs.conf as ‘host’.
For example, if host_segment=3, the third segment will be treated as “host”.
If the value is not an integer, is less than 1, or is not set, the default ‘host’ setting is applied.
Let’s take an example. Suppose we want to ingest data into Splunk from the path “/tmp”, which contains three folders named host_one, host_two and host_three. Each folder holds some text files, and we want to ingest all of them into Splunk. We also want host_one, host_two and host_three to become the host names of the text files they contain.
I hope you have understood the concept so let’s start.
So go to the following path and open inputs.conf
And within the inputs.conf, write.
[monitor:///tmp/host*/*.txt]
host_segment = 2
index = test_index
sourcetype = host_segment
Now save it and restart your Splunk server by going to the $SPLUNK_HOME\bin.
Now go to the GUI of your search head and search that index for the data you have just ingested.
Log in to Splunk with your credentials.
Here we set host_segment = 2, so Splunk took the 2nd “/”-separated segment of the path given in the monitor stanza, which is “host*” (i.e. host_one, host_two and host_three), as the host.
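The segment rule described above, sketched in Python as an added example (not Splunk's code and not from the original post), to preview which host value each monitored file would get before restarting. The default host name indexer01 and the sample file names are constructed, and falling back to the default host when a path has fewer than N segments is an assumption.

```python
from collections import defaultdict

def host_from_path(path, host_segment, default_host):
    """Return the host value the page's rule gives for one monitored file."""
    # Rule from the page: a missing, non-integer or < 1 value means the default host.
    try:
        n = int(str(host_segment).strip())
    except (TypeError, ValueError):
        return default_host
    if n < 1:
        return default_host
    # "/tmp/host_one/a.txt" -> ["tmp", "host_one", "a.txt"]; empty pieces are dropped.
    segments = [s for s in path.split("/") if s]
    # Assumption (not stated on the page): a path shorter than N also falls back.
    if n > len(segments):
        return default_host
    return segments[n - 1]

def preview(paths, host_segment, default_host):
    """Group paths by resulting host value, to review attribution before a restart."""
    groups = defaultdict(list)
    for p in paths:
        groups[host_from_path(p, host_segment, default_host)].append(p)
    return dict(groups)

# Constructed sample files matching [monitor:///tmp/host*/*.txt]
SAMPLE_PATHS = [
    "/tmp/host_one/app.txt",
    "/tmp/host_two/app.txt",
    "/tmp/host_three/auth.txt",
]
DEFAULT_HOST = "indexer01"  # hypothetical default 'host' setting

if __name__ == "__main__":
    # 2 is the value used in the post; 1 and 3 show what an off-by-one would do;
    # "abc" shows the fallback to the default host.
    for seg in (2, 1, 3, "abc"):
        print(f"host_segment = {seg}")
        for host, files in preview(SAMPLE_PATHS, seg, DEFAULT_HOST).items():
            print(f"  host={host}: {files}")
```

An off-by-one value shows up immediately in the preview: with 1 every file is attributed to host “tmp”, and with 3 the file name becomes the host, which would break any search or alert that filters on host.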
I hope you all have understood this tricky but simple concept of “Usage Of host_segment Attribute In inputs.conf”.
Happy Splunking !!!