I'm not that much of an expert on Windows but your search most probably simply returns list of changed accounts. Since Windows uses account for machines as well, you're getting them in the results. It's not about Splunk but about how you distinguish user accounts from the machine accounts. If I remember correctly, the machine accounts have a dollar sign at the end (or at the beginning?). Filtering them out should do the trick then.
I'm not that much of an expert on Windows but your search most probably simply returns list of changed accounts. Since Windows uses account for machines as well, you're getting them in the results. It's not about Splunk but about how you distinguish user accounts from the machine accounts. If I remember correctly, the machine accounts have a dollar sign at the end (or at the beginning?). Filtering them out should do the trick then.
What is your expected output? What is the difference between a "system name" and a "local discovered account"? Remember, this is a Splunk board. Most people have no knowledge about your specific data even if LogName=Security may seem obvious to you.