diff --git a/github_app_for_splunk/default/distsearch.conf b/github_app_for_splunk/default/distsearch.conf
new file mode 100644
index 0000000..8683077
--- /dev/null
+++ b/github_app_for_splunk/default/distsearch.conf
@@ -0,0 +1,2 @@
+[replicationSettings:refineConf]
+replicate.macros = true
diff --git a/github_app_for_splunk/default/eventtypes.conf b/github_app_for_splunk/default/eventtypes.conf
index acdd685..08ab58f 100644
--- a/github_app_for_splunk/default/eventtypes.conf
+++ b/github_app_for_splunk/default/eventtypes.conf
@@ -1,3 +1,6 @@
+[GitHub::Branch]
+search = `github_webhooks` ref_type=branch
+
 [GitHub::Change]
 search = `github_source` action=* sourcetype="github:enterprise:audit" OR sourcetype="github_audit"
 
@@ -47,7 +50,10 @@ search = `github_webhooks` action IN ("created", "resolved") "alert.secret_type"
 search = `github_webhooks` action IN ("create", "dismiss", "resolve") "alert.external_identifier"=*
 
 [GitHub::Workflow]
-search = `github_webhooks` action IN ("queued","created","in_progress","completed") workflow_job.id=*
+search = `github_webhooks` workflow.id=* action IN("requested","completed")
+
+[GitHub::Workflow::Job]
+search = `github_webhooks` workflow_job.id=* action IN("queued","in_progress","completed")
 
 [github:enterprise:authentication]
 search = `github_source` sourcetype=GithubEnterpriseServerAuditLog app=* authentication_service=* signature=*
diff --git a/github_app_for_splunk/metadata/default.meta b/github_app_for_splunk/metadata/default.meta
index b77b8cb..b408019 100644
--- a/github_app_for_splunk/metadata/default.meta
+++ b/github_app_for_splunk/metadata/default.meta
@@ -33,3 +33,8 @@ export = system
 [viewstates]
 access = read : [ * ], write : [ * ]
 export = system
+
+### MACROS
+
+[macros]
+export = system
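Review bot: The new `distsearch.conf` stanza has no comment saying why macro replication is switched on, and nothing in it is scoped to this app, so once configuration is merged it presumably applies to the whole knowledge bundle. I would add a comment above it such as `# eventtypes.conf references the github_webhooks / github_source macros, so search peers need macros.conf in the bundle`. It is also worth confirming on a distributed deployment that the larger bundle and the set of macros now shipped to peers are acceptable.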
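Review bot: `[GitHub::Branch]` filters only on `ref_type=branch`, which as far as I know appears in both the create and the delete webhook payloads, so branch creation and deletion land in the same event type. If that is intended, a comment above the stanza such as `# matches branch create and delete events` would say so. If alerting on this event type is meant to tell the two apart, the search needs a further condition, which this hunk does not have.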
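Review bot: `[GitHub::Workflow]` keeps its name but now matches workflow-run events instead of job events, so any saved search, tag or dashboard that filters on `eventtype="GitHub::Workflow"` silently changes what it returns. None of those files are in this diff, so I cannot tell whether they were moved to `GitHub::Workflow::Job`. The run search also lists only `"requested","completed"` while the job search keeps `"in_progress"`; if in-progress runs should be covered, it would read `action IN("requested","in_progress","completed")`. The job search drops `"created"` relative to the removed line, which is worth stating in the commit message if deliberate.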
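Review bot: The added `[macros]` stanza sets `export = system` without an `access` line, so write permission on the now globally visible macros falls back to the app-level default, which is outside this hunk. These macros are embedded in the event types and replicated to search peers, so an edit to one of them changes what every dependent search and alert matches. I would pin the permission explicitly, for example `access = read : [ * ], write : [ admin ]`. Exporting globally also puts generic names such as `github_source` into the shared namespace, where a same-named macro from another app could conflict.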