I'm using the new 7.0.0 version of Splunk at my distributed installation (Indexer, Search Head) and I'm trying to parse IIS logs from a Windows Server 2016.
The parsing is working, but I've tried to avoid some noise (probe validation from the load balancer) using "nullqueue" and somehow that's not working.
The noisy probe logs are still coming...
Here we go:
**Part of the IIS log file:**
```
#Software: Microsoft Internet Information Services 10.0
#Version: 1.0
#Date: 2017-09-30 18:22:33
#Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) cs-host sc-status sc-substatus sc-win32-status time-taken
2017-09-30 18:22:33 W3SVC6 10.50.10.40 GET / - 25002 - 168.63.129.16 Load+Balancer+Agent - 100.76.216.215:25002 200 0 0 718
2017-09-30 18:22:38 W3SVC6 10.50.10.40 GET / - 25002 - 168.63.129.16 Load+Balancer+Agent - 100.76.216.215:25002 200 0 0 15
2017-09-30 18:22:43 W3SVC6 10.50.10.40 GET / - 25002 - 168.63.129.16 Load+Balancer+Agent - 100.76.216.215:25002 200 0 0 15
2017-09-30 18:22:48 W3SVC6 10.50.10.40 GET / - 25002 - 168.63.129.16 Load+Balancer+Agent - 100.76.216.215:25002 200 0 0 15
2017-09-30 18:22:53 W3SVC6 10.50.10.40 GET / - 25002 - 168.63.129.16 Load+Balancer+Agent - 100.76.216.215:25002 200 0 0 15
2017-09-30 18:22:58 W3SVC6 10.50.10.40 GET / - 25002 - 168.63.129.16 Load+Balancer+Agent - 100.76.216.215:25002 200 0 0 15
2017-09-30 18:23:03 W3SVC6 10.50.10.40 GET / - 25002 - 168.63.129.16 Load+Balancer+Agent - 100.76.216.215:25002 200 0 0 0
2017-09-30 18:23:08 W3SVC6 10.50.10.40 GET / - 25002 - 168.63.129.16 Load+Balancer+Agent - 100.76.216.215:25002 200 0 0 15
```
**inputs.conf (at C:\Program Files\SplunkUniversalForwarder\etc\system\local), Universal Forwarder**
```
[monitor://C:\Logs\IIS\W3SV*\*.log]
index = private_backend
sourcetype = iis
disabled = false
ignoreOlderThan = 0d
```
**/opt/splunk/etc/system/local/props.conf (at the Indexer server)**
```
[iis]
TRANSFORMS-null=remove_log_probe
```
**/opt/splunk/etc/system/local/transforms.conf (at the Indexer server)**
```
[remove_log_probe]
REGEX=Load\SBalancer\SAgent
DEST_KEY=queue
FORMAT=nullQueue
```
I'm definitely missing something (maybe silly rsrsr). Can somebody please help?
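Added example, not part of the question and not Splunk's own code: a small Python script that parses the W3C-format IIS sample from the post and applies the `remove_log_probe` regex exactly as written, so you can confirm offline which events the transform would send to `nullQueue` and which would still be indexed. The probe lines mirror the post; the two client requests from `203.0.113.7` are constructed for contrast. The regex itself does match the `Load+Balancer+Agent` lines (note that `\S` is what makes the `+` work, since IIS replaces spaces in the User-Agent with `+`). When the regex tests clean like this, the remaining thing to check is where the parsing pipeline runs: Splunk's built-in `iis` sourcetype is defined in the default props.conf with `INDEXED_EXTRACTIONS`, and for such sourcetypes the universal forwarder does the parsing and ships cooked events, so a `queue`/`nullQueue` transform placed only on the indexer is not applied and has to live in the forwarder's props.conf and transforms.conf instead.

```python
import re

# Constructed sample modelled on the W3C extended log in the question. The probe lines
# mirror the post; the two client requests from 203.0.113.7 are invented for contrast.
SAMPLE_LOG = """#Software: Microsoft Internet Information Services 10.0
#Version: 1.0
#Date: 2017-09-30 18:22:33
#Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) cs-host sc-status sc-substatus sc-win32-status time-taken
2017-09-30 18:22:33 W3SVC6 10.50.10.40 GET / - 25002 - 168.63.129.16 Load+Balancer+Agent - 100.76.216.215:25002 200 0 0 718
2017-09-30 18:22:38 W3SVC6 10.50.10.40 GET / - 25002 - 168.63.129.16 Load+Balancer+Agent - 100.76.216.215:25002 200 0 0 15
2017-09-30 18:22:41 W3SVC6 10.50.10.40 GET /login - 25002 - 203.0.113.7 Mozilla/5.0+(Windows+NT+10.0) - 100.76.216.215:25002 200 0 0 42
2017-09-30 18:22:43 W3SVC6 10.50.10.40 GET / - 25002 - 168.63.129.16 Load+Balancer+Agent - 100.76.216.215:25002 200 0 0 15
2017-09-30 18:22:45 W3SVC6 10.50.10.40 POST /api/orders - 25002 - 203.0.113.7 Mozilla/5.0+(Windows+NT+10.0) - 100.76.216.215:25002 500 0 0 310
"""

# The REGEX from the transforms.conf stanza in the question, verbatim. Splunk evaluates
# it as an unanchored PCRE search against _raw, which re.search reproduces here; \S
# deliberately matches the '+' that IIS substitutes for spaces in the User-Agent field.
NULLQUEUE_REGEX = re.compile(r"Load\SBalancer\SAgent")


def parse_w3c(text):
    """Parse W3C extended log text into one dict per event, keyed by the #Fields names.

    Directive lines (#Software, #Version, #Date, #Fields) are consumed, not emitted,
    which is also how Splunk's w3c extraction treats them. Each event keeps its
    original line under "_raw" so the transform can be applied to it unchanged.
    """
    fields = None
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        if fields is None:
            raise ValueError("data line encountered before a #Fields directive")
        values = line.split(" ")
        if len(values) != len(fields):
            raise ValueError(f"expected {len(fields)} fields, got {len(values)}: {line!r}")
        event = dict(zip(fields, values))
        event["_raw"] = line
        events.append(event)
    return events


def route(text, regex=NULLQUEUE_REGEX):
    """Split events into (kept, dropped), mimicking DEST_KEY=queue / FORMAT=nullQueue.

    An event whose _raw matches the regex goes to the null queue and is never indexed;
    everything else continues down the pipeline to the index.
    """
    kept, dropped = [], []
    for event in parse_w3c(text):
        (dropped if regex.search(event["_raw"]) else kept).append(event)
    return kept, dropped


def dropped_by_client(dropped):
    """Count null-queued events per client IP, to confirm only the probe source is cut."""
    counts = {}
    for event in dropped:
        counts[event["c-ip"]] = counts.get(event["c-ip"], 0) + 1
    return counts


if __name__ == "__main__":
    kept, dropped = route(SAMPLE_LOG)
    print(f"indexed: {len(kept)}, sent to nullQueue: {len(dropped)}")
    print("null-queued per client:", dropped_by_client(dropped))
    for event in kept:
        print("kept:", event["c-ip"], event["cs-method"], event["cs-uri-stem"], event["sc-status"])
```

Running it against the sample reports three events routed to the null queue, all from the probe source 168.63.129.16, and two real client requests kept, which is exactly the behaviour the stanza is meant to produce once it is evaluated by the instance that actually parses the data.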