Some source types can co-exist on the same host and therefore LogLogic LMI will create multiple source entries for those device types if LMI can identify the different types. Although not recommended by Microsoft, a single Windows system can host Microsoft Exchange, Microsoft IIS, Microsoft DNS, Microsoft Active Directory and other software products. Each of these named products is a device type that LogLogic can identify which means a separate device entry will exist in LMI to keep these logs separated for searching and retention purposes.

There are other legitimate reasons for why multiple device types can exist for the same IP address. Another example is an IP address belonging to a decommissioned Windows server being reused to deploy a Sun Solaris system. Any variation on that scenario can cause multiple log source entries in LMI as long as the all the event data is still within its retention period and as long as the source types in question are known as IP sharing source types. All operating system source types that LMI can identify are defined as IP sharing sources in LMI because there can be many other applications generating logs on the same source (as described above). Examples of non-IP sharing sources are Cisco Switch and Cisco FWSM because all logs originating from those source types will be identified only as Cisco Switch or Cisco FWSM, respectively.