...a million years later....
Here Splunk says that one of the fields ( ip | mac | nt_host | dns) is required. So I believe as long as you have ONE of the other fields nt_hosts isn't required. With that being said I have the same question. It sounds like this will function but would it hurt to put the Linux server's hostnames there for reference?
... View more