Complete newb here, any help appreciated!

props.conf
[WMI:WinEventLog:Security]
TRANSFORMS-set= setnulla,parse2003secevents,parse2008secevents

[WMI:WinEventLog:System]
TRANSFORMS-set= setnullb,parse2003sysevents,parse2008sysevents

Transforms.conf
[setnulla]
REGEX = .
DEST_KEY = queue
FORMAT = nullQueue

[parse2003secevents]
REGEX =(?msi)^EventCode=(xxx|xxx)\b
DEST_KEY = queue
FORMAT = indexQueue

[parse2008secevents]
REGEX =(?msi)^EventCode=(xxxx|xxxx)\b
DEST_KEY = queue
FORMAT = indexQueue

[setnullb]
REGEX = .
DEST_KEY = queue
FORMAT = nullQueue

[parse2003sysevents]
REGEX =(?msi)^EventCode=(xxx|xxx)\b
DEST_KEY = queue
FORMAT = indexQueue

[parse2008sysevents]
REGEX =(?msi)^EventCode=(xxxx|xxxx)\b
DEST_KEY = queue
FORMAT = indexQueue