From 83f5bf601cbe38e1f4018481905db007a23898aa Mon Sep 17 00:00:00 2001
From: Chris Long
Date: Wed, 12 Aug 2020 23:02:33 -0700
Subject: [PATCH] Add transforms to remove eventid description text
---
 Vagrant/resources/splunk_server/props.conf | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/Vagrant/resources/splunk_server/props.conf b/Vagrant/resources/splunk_server/props.conf
index d4bd90d..e0b130c 100644
--- a/Vagrant/resources/splunk_server/props.conf
+++ b/Vagrant/resources/splunk_server/props.conf
@@ -1,5 +1,8 @@
 [source::WinEventLog:*]
 TRANSFORMS-host = wef_computername_as_host
+TRANSFORMS-removedescription1 = removeEventDesc1
+TRANSFORMS-removedescription2 = removeEventDesc2
+TRANSFORMS-null = autoruns_wineventlog_null
 [powershell_transcript]
 TRANSFORMS-powershell_rename_host = powershell_rename_host
@@ -23,5 +26,3 @@ TRUNCATE = 0
 [osquery:status]
 TRANSFORMS-null = osquery_status_filter
-[WinEventLog]
-TRANSFORMS-null = autoruns_wineventlog_null
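Review bot: The three `TRANSFORMS-` lines added under `[source::WinEventLog:*]` point at `removeEventDesc1`, `removeEventDesc2` and `autoruns_wineventlog_null`, but the diffstat lists only props.conf, so the matching transforms.conf stanzas are not visible here. If the two new ones are not defined elsewhere, the description text will stay in the events with no obvious failure. Moving `TRANSFORMS-null` from the `[WinEventLog]` sourcetype stanza to the source stanza also changes which events the filter is evaluated against. Index-time drops and rewrites cannot be recovered at search time, so it is worth confirming that the regexes match only the intended events and that no saved search or detection relies on the removed description text. I would add a comment above the new lines, for example `# Index-time transforms (defined in transforms.conf): strip the event description text and apply the autoruns filter to all WinEventLog sources`.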