[source::WinEventLog:*]
TRANSFORMS-host = wef_computername_as_host

[sourcetype::powershell_transcript]
TRANSFORMS-powershell_rename_host = powershell_rename_host

[powershell_transcript]
BREAK_ONLY_BEFORE = THISREGEXDOESNTEXIST
DATETIME_CONFIG =
NO_BINARY_CHECK = true
TIME_FORMAT = %Y%m%d%H%M%S
TIME_PREFIX = Start\stime\:\s
category = Custom
pulldown_type = true