Yeah i guess its not that big of a deal. Is there any place where you can send a bug repport?

Its a bit more strange that the windows host dont show up in the windows app, just the search upp, you see all the WineventLog:Security etc but just in the search app.

This has also been an issue for me. While collecting logs via WMI, sometimes a machine that has a hostname of dc01 will be pulled into Splunk as dc01, DC01, or even dc01.domain.org. As mw stated, searches are not case sensitive, so i can search for all logs from this host by using host="dc01*".

There are some known issues (bugs) regarding how hostnames are retrieved. Some of this is fairly difficult to control, e.g. if Splunk receives a logfile with dc01.fqdn in it, it would probably be difficult to normalize that. It could be a bad idea to just lop off the domain. However, there are cases where Splunk data sources (e.g. perfmon or WMI) don't use a consistent means to gather the hostname, which is stupid and hopefully being resolved soon. All hostnames should be lowercased and the same method should be used to retrieve the hostname when dealing with scripted inputs. I'm not sure how fqdn vs. short name should be handled though -- I think you're left with 2 entries in that case.

On the upside, searches are not case sensitive for field values, so "host=dc01" will retrieve events for dc01 and DC01".