[source::WinEventLog:*]
TRANSFORMS-host = wef_computername_as_host

[powershell_transcript]
TRANSFORMS-powershell_rename_host = powershell_rename_host
SHOULD_LINEMERGE = false
LINE_BREAKER = ([\r\n]+)THISDOESNTEXIST
DATETIME_CONFIG =
NO_BINARY_CHECK = true
TIME_FORMAT = %Y%m%d%H%M%S
TIME_PREFIX = Start time:\s
category = Custom
pulldown_type = true
TRUNCATE = 0

[osquery:json]
TRANSFORMS-osquery_host = osquery_hostidentifier_as_host
TRANSFORMS-null = setnull
TIME_PREFIX = \"unixTime\"\:
MAX_TIMESTAMP_LOOKAHEAD = 500
TIME_FORMAT = %s
TRUNCATE = 0