From edf2787402146a7a7adc5888e80278f295b55ce9 Mon Sep 17 00:00:00 2001
From: Florian Roth
Date: Tue, 22 Aug 2017 10:04:56 +0200
Subject: [PATCH] Removed some spaces and added Win 10 WMI eventlog
---
 tools/config/splunk-windows-all.yml | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/tools/config/splunk-windows-all.yml b/tools/config/splunk-windows-all.yml
index f832bc14..75445968 100644
--- a/tools/config/splunk-windows-all.yml
+++ b/tools/config/splunk-windows-all.yml
@@ -28,12 +28,17 @@ logsources:
 product: windows
 service: powershell-classic
 conditions:
- source: 'Windows PowerShell'
+ source: 'Windows PowerShell'
 windows-powershell:
 product: windows
 service: taskscheduler
 conditions:
 source: 'WinEventLog:Microsoft-Windows-TaskScheduler/Operational'
+ windows-wmi:
+ product: windows
+ service: wmi
+ conditions:
+ source: 'WinEventLog:Microsoft-Windows-WMI-Activity/Operational'
 windows-dns-server:
 product: windows
 service: dns-server
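Review bot: The context entry directly above the added `windows-wmi` block is keyed `windows-powershell` although its service is `taskscheduler`, which breaks the `windows-<service>` naming that the new entry follows. If an earlier entry outside this hunk already uses the key `windows-powershell`, most YAML parsers keep only the last duplicate, so one of the two mappings would be silently dropped and rules for that log source would be translated without its source condition. Renaming the key to `windows-taskscheduler:` in this commit would remove the ambiguity. A comment above the new entry, such as `# requires the Microsoft-Windows-WMI-Activity/Operational channel to be collected by the forwarder`, would also help, since a search against an uncollected channel presumably returns no results rather than an error.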