Hello @JC34209324,
No need to be alarmed. This doesn't mean that SERVERNAME$ was added to Administrators group, but instead that SERVERNAME$ was the source that made the change. This is some default behavior in the Security and Audit events. the behavior describes an inconsistency (still not explained) where the SERVERNAME is used instead of USERNAME\USER format.
There is a previous thread that describes this in a different scenario (using Exchange Management Console) but it applies to other aspects of the Event logging.
Hope this resolves your query,
Best regards,
--If the the reply is helpful, please Upvote and Accept as answer--