diff --git a/Vagrant/resources/splunk_server/props.conf b/Vagrant/resources/splunk_server/props.conf
index d4bd90d..e0b130c 100644
--- a/Vagrant/resources/splunk_server/props.conf
+++ b/Vagrant/resources/splunk_server/props.conf
@@ -1,5 +1,8 @@
 [source::WinEventLog:*]
 TRANSFORMS-host = wef_computername_as_host
+TRANSFORMS-removedescription1 = removeEventDesc1
+TRANSFORMS-removedescription2 = removeEventDesc2
+TRANSFORMS-null = autoruns_wineventlog_null
 
 [powershell_transcript]
 TRANSFORMS-powershell_rename_host = powershell_rename_host
@@ -23,5 +26,3 @@ TRUNCATE = 0
 [osquery:status]
 TRANSFORMS-null = osquery_status_filter
 
-[WinEventLog]
-TRANSFORMS-null = autoruns_wineventlog_null
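Review bot: The three `TRANSFORMS-` lines added under `[source::WinEventLog:*]` alter Windows event data at index time but carry no comment, so anyone writing detections against this lab cannot tell from props.conf that event text is trimmed and some events never reach the index. I would add a line above them such as `# Index-time, see transforms.conf: trim event description text; discard events matched by autoruns_wineventlog_null`. The class name `TRANSFORMS-null` is generic, and because a `source::` stanza takes precedence over a sourcetype stanza for the same attribute name, a sourcetype-level `TRANSFORMS-null` on Windows event data would be silently overridden; `TRANSFORMS-autoruns_null = autoruns_wineventlog_null` avoids that. The referenced stanzas are not part of this diff (presumably they live in transforms.conf), so confirm that they exist and that the discard regex is still narrow enough now that it applies to every `WinEventLog:*` source rather than only the `WinEventLog` sourcetype.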