I had host1 and host2
host1 had username test1 and host2 have test2.
than i remove all data with host1 from my splunk
and all logs from host2 in field user having username test1
i reinstall Linux Auditd (with addons) recreated indexs and recollected logs and host2 still have in field user test1 instead test2
script Generate posix_identities lookup generated to me lookup learnt_posix_identities with username test1
but in all my logs and lookups i don't have username test1
Generate posix_identities lookup
have no idea hot to fix it.