Hello, We have a single instance splunk deployment. I have installed Universal Forwarder on an Win 2012 R2 Active Directory DC. Upon checking / searching for the events in Splunk Search UI, i noticed it shows 2 different host names for the same DC server. Screenshot below. How to resolve this ? If i click on the 1st host "LAN-AD', it shows events related to CPU, Memory monitoring whereas if i click on the other one, this shows events related to Security Events, Application Event log etc.
![alt text][1]
[1]: /storage/temp/252190-capture.jpg
↧