Thanks Woodcock with that hint I now have a list of UFs with hostname/IP. It would be great if you can give some insights on steps to deploy the Splunk fix datetime app to all the UFs.

Thanks,

Come back here and post your whole search as a comment here for others to use.

Sorry for the delay. Here is a good query that I don't know the source, but it works very well:
index=_internal source=*metrics.log group=tcpin_connections
| eval sourceHost=if(isnull(hostname), sourceHost,hostname)
| rename connectionType as connectType
| eval connectType=case(fwdType=="uf","univ fwder", fwdType=="lwf", "lightwt fwder",fwdType=="full", "heavy fwder", connectType=="cooked" or connectType=="cookedSSL","Splunk fwder", connectType=="raw" or connectType=="rawSSL","legacy fwder")
| eval version=if(isnull(version),"pre 4.2",version)
| rename version as Ver
| fields connectType sourceIp sourceHost destPort kb tcp_eps tcp_Kprocessed tcp_KBps splunk_server Ver
| eval Indexer= splunk_server
| eval Hour=relative_time(_time,"@h")
| dedup sourceIp
| stats avg(tcp_KBps) sum(tcp_eps) sum(tcp_Kprocessed) sum(kb) by Hour connectType sourceIp sourceHost destPort Indexer Ver
| fieldformat Hour=strftime(Hour,"%x %H")

There are several answers posts already on this and be sure to check out the page in the banner advertisement on answers (look at the top of this page), too:
https://docs.splunk.com/Documentation/Splunk/latest/ReleaseNotes/FixDatetimexml2020