diff --git a/cyences_app_for_splunk/default/transforms.conf b/cyences_app_for_splunk/default/transforms.conf
index 24fed6cb..c2550324 100644
--- a/cyences_app_for_splunk/default/transforms.conf
+++ b/cyences_app_for_splunk/default/transforms.conf
@@ -137,13 +137,13 @@ case_sensitive_match = false
 [cs_linux_users]
 external_type = kvstore
 collection = cs_linux_users_colllections
-fields_list = _key,host,UID,_time,USERNAME,COMMAND_SHELL,HOME_DIR,SUDOACCESS,USER_INFO,GID,status
+fields_list = _key,host,UID,_time,USERNAME,COMMAND_SHELL,HOME_DIR,SUDOACCESS,USER_INFO,GID,status,changes
 case_sensitive_match = false
 [cs_linux_groups]
 external_type = kvstore
 collection = cs_linux_groups_colllections
-fields_list = _key,host,group_name,_time,users,status
+fields_list = _key,host,group_name,_time,users,status,changes
 case_sensitive_match = false
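Review bot: The `changes` field added to `fields_list` in both `[cs_linux_users]` and `[cs_linux_groups]` has no visible counterpart in this diff, neither in the collection definitions nor in the searches that write these lookups. If `collections.conf` declares `field.<name>` types for these collections, `changes` should be declared there too. Rows stored before this change will carry no `changes` value, so any alert or dashboard that filters on it should handle the missing value explicitly; otherwise a host's user or sudo-access record could drop out of the results without notice. A one-line comment above each stanza would help, for example `# changes: which tracked attributes differed from the previous inventory run`, with the wording confirmed against the populating search.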