Here is my situation. I set up one Windows box with a Universal Forwarder, V6.3. This one forwarder was to be the one that all the many other forwarders would be cloned from. An older version of a Forwarder was placed on these other Windows boxes when another group created a Windows image. This older version was never set up properly.
In an effort to clean things up, the process that was used to re-do the Forwarders was the following:
1. Stop the Forwarder service on the Windows box.
2. Delete the “C:\Program Files\SplunkUniversalForwarder\” directory.
3. Copy in the new, updated directory, “C:\Program Files\SplunkUniversalForwarder\”.
4. Restart the service.
Everything looked OK, but I'm using a separate server as a Deployment server and monitoring server. When I went to the Distributed Management Console under Forwarders>Instance, I saw the message below:
Note: Multiple forwarders installed on one host appear with identical host names, but different GUIDs.
When I went through all the devices listed, I only saw one entry for each hostname, but I noticed that the GUIDs were all the same.
Does anyone know what's going on and how I can clean this up?