diff --git a/tools/config/splunk-windows-all.yml b/tools/config/splunk-windows-all.yml
index 448dbd489..edb9cbf78 100644
--- a/tools/config/splunk-windows-all.yml
+++ b/tools/config/splunk-windows-all.yml
@@ -42,8 +42,14 @@ logsources:
 windows-dns-server:
 product: windows
 service: dns-server
+ category: dns
 conditions:
 source: 'DNS Server'
+ windows-dns-server-audit:
+ product: windows
+ service: dns-server-audit
+ conditions:
+ source: 'Microsoft-Windows-DNS-Server/Audit'
 windows-driver-framework:
 product: windows
 service: driver-framework
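Review bot: Adding `category: dns` to the existing `windows-dns-server` entry may narrow that mapping instead of widening it. If the converter requires every field set on a logsource entry to match the rule, rules that declare only `product: windows` and `service: dns-server` would no longer receive the `source: 'DNS Server'` condition, and their generated searches would lose the source filter. The safer change is to drop the `category: dns` line here and, if category-based rules need coverage, add a separate entry keyed on `product: windows` plus `category: dns` with the same `conditions`. For the new `windows-dns-server-audit` entry, please confirm that `source: 'Microsoft-Windows-DNS-Server/Audit'` is the exact source value the Splunk inputs write, because a mismatch makes every rule for this service return nothing without raising an error. The `logsources:` mapping begins before and continues past this hunk, so the other entries were not reviewed.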