diff --git a/Vagrant/resources/splunk_server/props.conf b/Vagrant/resources/splunk_server/props.conf
index 53239a7..fc080c2 100644
--- a/Vagrant/resources/splunk_server/props.conf
+++ b/Vagrant/resources/splunk_server/props.conf
@@ -15,8 +15,10 @@ TRUNCATE = 0
 
 [osquery:json]
 TRANSFORMS-osquery_host = osquery_hostidentifier_as_host
-TRANSFORMS-null = setnull
 TIME_PREFIX = \"unixTime\"\:
 MAX_TIMESTAMP_LOOKAHEAD = 500
 TIME_FORMAT = %s
-TRUNCATE = 0
\ No newline at end of file
+TRUNCATE = 0
+
+[osquery:status]
+TRANSFORMS-null = setnull
\ No newline at end of file
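Review bot: The new `[osquery:status]` stanza applies `TRANSFORMS-null = setnull` with no comment saying what is meant to be dropped, and `setnull` itself is defined in transforms.conf, outside this diff. If its REGEX matches every event (the usual nullQueue pattern, not visible here), all osquery status logs are discarded at index time, including the warnings and errors that show osqueryd failing, being restarted by its watchdog or rejecting its config, which are the records you would want when an endpoint goes quiet. Consider a comment above the stanza such as `# Drop osqueryd status logs at index time; see setnull in transforms.conf`, and if only the INFO chatter is unwanted, point the stanza at a narrower transform rather than the catch-all. It is also worth confirming that inputs.conf actually assigns the `osquery:status` sourcetype, otherwise this stanza never matches.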