I had host1 and host2
host1 had username test1 and host2 had test2.
Then I removed all data with host1 from my Splunk
and all logs from host2 in field user
having username test1
I reinstalled Linux Auditd (with addons), recreated the indexes and recollected the logs, and host2 still has in field user
test1 instead of test2.
The script Generate posix_identities lookup
generated for me the lookup learnt_posix_identities
with username test1,
but in all my logs and lookups I don't have username test1.
I have no idea how to fix it.