From c55b3d6defe2d047dd11598ec6295b14d41bf40a Mon Sep 17 00:00:00 2001
From: Chris Long
Date: Mon, 1 Jun 2020 21:46:22 -0700
Subject: [PATCH] Update transforms.conf
---
 Vagrant/resources/splunk_server/transforms.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Vagrant/resources/splunk_server/transforms.conf b/Vagrant/resources/splunk_server/transforms.conf
index 66fb9bb..0f9b468 100644
--- a/Vagrant/resources/splunk_server/transforms.conf
+++ b/Vagrant/resources/splunk_server/transforms.conf
@@ -14,8 +14,8 @@ DEST_KEY = MetaData:Host
 REGEX = hostIdentifier\"\:\"([^\"]+)\"
 FORMAT = host::$1
-[setnull]
-REGEX = Error\scasting
+[osquery_status_filter]
+REGEX = (POST\srequest\sto\sURI|Refreshing\sconfiguration|not\sattaching|Executing\sscheduled\squery|Error\scasting)
 DEST_KEY = queue
 FORMAT = nullQueue
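Review bot: The broadened `REGEX` in `[osquery_status_filter]` is unanchored, so every event routed through this transform whose raw text contains one of the five phrases (`not\sattaching` is the most generic) goes to `nullQueue` and is never indexed. That would include osquery result rows that merely carry such text in a column, for instance a command line. props.conf is not part of this commit, so the sourcetype or source this transform is bound to cannot be seen here; it should be applied only to the osquery status log, for example through a `[source::...]` stanza for that log's path, not to the sourcetype that also carries query results. The stanza is also renamed from `[setnull]` while the diffstat shows only transforms.conf changed, so the `TRANSFORMS-` setting that referenced `setnull` has to name `osquery_status_filter`, otherwise the filter silently stops applying. A comment above the stanza such as `# Drops noisy osquery status lines before indexing; apply only to the osquery status log` would record the intended scope.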