diff --git a/artifacts/definitions/SUSE/Linux/Events/Services.yaml b/artifacts/definitions/SUSE/Linux/Events/Services.yaml
index 111748b89..ee72bb73b 100644
--- a/artifacts/definitions/SUSE/Linux/Events/Services.yaml
+++ b/artifacts/definitions/SUSE/Linux/Events/Services.yaml
@@ -19,7 +19,7 @@ sources:
 LET pattern = "%{NUMBER:pid}\n\{ path\=%{DATA:process} .*\n%{DATA:description}\n%{DATA:state}\n" -- local function runs systemctl, parses output and deconstructs dict from grok
- LET serviceDetails(name) = SELECT pid, process, description, state
+ LET serviceDetails(name) = SELECT *
 FROM foreach( row= { SELECT grok(data=stdout, grok=pattern) AS parsed FROM execve(argv=["systemctl", "show", name, "--value", "--property=ExecMainPID,ExecStart,Description,ActiveState"]) },
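Review bot: `SELECT *` on the changed `serviceDetails` line drops the explicit column list, so the function's output schema is now whatever the `foreach` yields, and that query continues below the hunk. If `grok` does not match the `systemctl show` output, the row presumably arrives without `pid`, `process`, `description` or `state`, and anything keyed on those fields would see missing columns rather than nulls. I would record the contract next to the function, e.g. `-- emits pid, process, description, state; columns are absent when grok does not match`. Separately, `name` sits in `argv` ahead of the options; if it can ever begin with `-`, `systemctl` would parse it as an option, so it is safer to move it last, behind a `"--"` element.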