diff --git a/Vagrant/resources/splunk_server/transforms.conf b/Vagrant/resources/splunk_server/transforms.conf
index 0f9b468..cdf7ff3 100644
--- a/Vagrant/resources/splunk_server/transforms.conf
+++ b/Vagrant/resources/splunk_server/transforms.conf
@@ -23,3 +23,15 @@ FORMAT = nullQueue
 REGEX = "Script\sName\s=\sC\:\\Program Files\\AutorunsToWinEventLog\\AutorunsToWinEventLog.ps1"
 DEST_KEY = queue
 FORMAT = nullQueue
+
+[removeEventDesc1]
+LOOKAHEAD = 20000
+REGEX = (?msi)(.*)This event is generated
+DEST_KEY = _raw
+FORMAT = $1
+
+[removeEventDesc2]
+LOOKAHEAD = 20000
+REGEX = (?msi)(.*)The subject fields indicate
+DEST_KEY = _raw
+FORMAT = $1
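Review bot: The new `removeEventDesc1` and `removeEventDesc2` stanzas match their trigger phrase anywhere in the event, case-insensitively, and `FORMAT = $1` keeps only what precedes the match, so an event field an attacker controls (a process command line, file name or account name containing the text `this event is generated`) in an event that lacks the real boilerplate truncates the remainder of that event out of `_raw` at index time — an anti-forensics opening in a log pipeline, and the loss is permanent because `_raw` is rewritten before indexing. The `m` flag is already set, so anchoring to the start of a line and to the longer fixed sentence makes the match much harder to forge: `REGEX = (?msi)(.*)^This event is generated when` and `REGEX = (?msi)(.*)^The subject fields indicate`. This presumes the Windows message template always starts the description on its own line, which matches the events I know but should be confirmed against a sample before relying on it. A comment above each stanza stating that the transform irreversibly drops data and naming the sourcetypes that reference it (props.conf is not in this diff) would help the next reviewer.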