diff --git a/SA-CrowdstrikeDevices/default/savedsearches.conf b/SA-CrowdstrikeDevices/default/savedsearches.conf
index d9cab1d..32b6090 100644
--- a/SA-CrowdstrikeDevices/default/savedsearches.conf
+++ b/SA-CrowdstrikeDevices/default/savedsearches.conf
@@ -40,7 +40,8 @@ search = `sa_crowdstrike_index` sourcetype="crowdstrike:device:json" \
 "gen: sa-crowdstrike",\
 "cs_first_seen: ".strftime(strptime('falcon_device.first_seen',"%FT%T%Z"), "%x %T %Z"),\
 "cs_last_seen: ".strftime(strptime('falcon_device.last_seen',"%FT%T%Z"), "%x %T %Z"),\
-"splunk_last_updated: ".strftime(now(), "%x %T %Z")\
+"splunk_last_updated: ".strftime(now(), "%x %T %Z"),\
+"serial_number: ".'falcon_device.serial_number'\
 )), "|"),\
 nt_host=lower('falcon_device.hostname'),\
 dns=lower(nt_host.".".'falcon_device.machine_domain'),\
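Review bot: The added `"serial_number: ".'falcon_device.serial_number'` element evaluates to null for any device record with no serial number, since Splunk eval string concatenation with a null operand yields null; whether that element is silently dropped or the whole joined string becomes null depends on the multivalue function whose closing `)), "|")` is visible but whose opening call sits outside this hunk. Make the output predictable with `"serial_number: ".coalesce('falcon_device.serial_number', "")`, or omit the element explicitly via `if(isnotnull('falcon_device.serial_number'), "serial_number: ".'falcon_device.serial_number', null())`. The `search =` continuation this hunk edits starts and ends outside the hunk, so the same null semantics may apply to the neighbouring `cs_first_seen`/`cs_last_seen` entries too, though those are unchanged here.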