I do not know much about the logging for splunk, but if we don't include host separately it can always be deduced.
In transparent mode, a request looks like:
GET www.example.com/foobar
In standard mode, a request looks like:
GET /foobar
Host: www.example.com
My recollection is that in both cases we log as www.example.com/foobar
You should be able to parse the URL and pull out the hostname/fqdn.
I do not know much about the logging for splunk, but if we don't include host separately it can always be deduced.
In transparent mode, a request looks like:
GET www.example.com/foobar
In standard mode, a request looks like:
GET /foobar
Host: www.example.com
My recollection is that in both cases we log as www.example.com/foobar
You should be able to parse the URL and pull out the hostname/fqdn.