Fixing the Splunk nullqueue

Vagrant/resources/splunk_server/props.conf

@@ -15,8 +15,10 @@ TRUNCATE = 0
 
 [osquery:json]
 TRANSFORMS-osquery_host = osquery_hostidentifier_as_host
-TRANSFORMS-null = setnull
 TIME_PREFIX = \"unixTime\"\:
 MAX_TIMESTAMP_LOOKAHEAD = 500
 TIME_FORMAT = %s
-TRUNCATE = 0
+TRUNCATE = 0
+
+[osquery:status]
+TRANSFORMS-null = setnull