I'm currently forwarding all network device logs (syslog) from a syslog server (rsyslog - running on RHEL 7) to an indexer via universal forwarder (UF). The logs are making it to the indexer (index=syslog), but under 'selected fields' on the 'search & reporting' app no host name is being shown (?), just source and sourcetype.

Has anyone ever seen anything like this?