diff --git a/Vagrant/resources/splunk_server/transforms.conf b/Vagrant/resources/splunk_server/transforms.conf
index 5e76d4c..abdd80a 100644
--- a/Vagrant/resources/splunk_server/transforms.conf
+++ b/Vagrant/resources/splunk_server/transforms.conf
@@ -20,11 +20,11 @@ DEST_KEY = queue
 FORMAT = nullQueue
 [osqueryd_wineventlog_null]
-REGEX = "Process_Name=C:\\Program Files\\osquery\\osqueryd\\osqueryd.exe"
+REGEX = "Process\sName:\s+C:\\Program Files\\osquery\\osqueryd\\osqueryd.exe""
 DEST_KEY = queue
 FORMAT = nullQueue
 [autoruns_wineventlog_null]
 REGEX = "Script\sName\s=\sC\:\\Program Files\\AutorunsToWinEventLog\\AutorunsToWinEventLog.ps1"
 DEST_KEY = queue
-FORMAT = nullQueue
\ No newline at end of file
+FORMAT = nullQueue
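Review bot: The new REGEX in `[osqueryd_wineventlog_null]` ends in a doubled quote (`osqueryd.exe""`), which neither the removed line nor the neighbouring `[autoruns_wineventlog_null]` stanza has. A transforms.conf REGEX value is taken as the pattern text itself, so if the surrounding quotes are literal (as the autoruns stanza seems to assume) the stray `"` would require an extra literal quote after the path and the filter would likely never fire; the failure mode of a nullQueue filter is silent, the osqueryd process-creation events simply keep being indexed. I'd drop the extra character: `REGEX = "Process\sName:\s+C:\\Program Files\\osquery\\osqueryd\\osqueryd.exe"`. After deploying, it is worth confirming with a search that events for that process path actually stop arriving, and keeping in mind that the match drops every event carrying that path, not only the expected noise, so the pattern should be no broader than the intended source.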