diff --git a/package/etc/conf.d/context/common_event_format_class.csv b/package/etc/conf.d/context/common_event_format_class.csv
index f25ca12..46fffcf 100644
--- a/package/etc/conf.d/context/common_event_format_class.csv
+++ b/package/etc/conf.d/context/common_event_format_class.csv
@@ -2,4 +2,3 @@ Imperva Inc._SecureSphere_Firewall,sourcetype,imperva:waf:firewall:cef
 Imperva Inc._SecureSphere_Signature,sourcetype,imperva:waf:security:cef
 Imperva Inc._SecureSphere_Protocol,sourcetype,imperva:waf:security:cef
 Imperva Inc._SecureSphere_Worm,sourcetype,imperva:waf:security:cef
-unknown,source,CEF:unknown
diff --git a/package/etc/conf.d/log_paths/lp-common_event_format.conf.tmpl b/package/etc/conf.d/log_paths/lp-common_event_format.conf.tmpl
index 1cc91bc..da89bf8 100644
--- a/package/etc/conf.d/log_paths/lp-common_event_format.conf.tmpl
+++ b/package/etc/conf.d/log_paths/lp-common_event_format.conf.tmpl
@@ -42,7 +42,6 @@ parser p_cef_class {
         database("conf.d/context/common_event_format_class.csv")
         ignore-case(yes)
         prefix(".splunk.")
-        default-selector("unknown")
     );
 };