diff --git a/docker/elk/logstash/Dockerfile b/docker/elk/logstash/Dockerfile
index bc9dbdb1..08a6281b 100644
--- a/docker/elk/logstash/Dockerfile
+++ b/docker/elk/logstash/Dockerfile
@@ -34,14 +34,15 @@ RUN apt-get update -y && \
 cd /root/dist/ && \
 cp entrypoint.sh /usr/bin/ && \
 chmod u+x /usr/bin/entrypoint.sh && \
- mkdir -p /etc/logstash/conf.d /usr/share/logstash/config && \
- cp logstash.conf /etc/logstash/conf.d/ && \
- cp http_input.conf /etc/logstash/conf.d/ && \
- cp http_output.conf /etc/logstash/conf.d/ && \
+ mkdir -p /usr/share/logstash/config && \
+ cp logstash.conf /etc/logstash/ && \
+ cp http_input.conf /etc/logstash/ && \
+ cp http_output.conf /etc/logstash/ && \
 cp pipelines.yml /usr/share/logstash/config/pipelines.yml && \
 cp pipelines_sensor.yml /usr/share/logstash/config/pipelines_sensor.yml && \
 cp tpot-template.json /etc/logstash/ && \
 rm /etc/logstash/pipelines.yml && \
+ rm /etc/logstash/logstash.yml && \
 #
 # Setup user, groups and configs
 groupmod -g 2000 logstash && \
diff --git a/docker/elk/logstash/dist/entrypoint.sh b/docker/elk/logstash/dist/entrypoint.sh
index f8c966d0..936c9932 100644
--- a/docker/elk/logstash/dist/entrypoint.sh
+++ b/docker/elk/logstash/dist/entrypoint.sh
@@ -82,6 +82,6 @@ if [ "$myTPOTILM" == "1" ];
 }
 }'
 else
- echo "T-Pot ILM already configured."
+ echo "T-Pot ILM already configured or ES not available."
 fi
 echo
diff --git a/docker/elk/logstash/dist/http_input.conf b/docker/elk/logstash/dist/http_input.conf
index c966cc90..005be8c7 100644
--- a/docker/elk/logstash/dist/http_input.conf
+++ b/docker/elk/logstash/dist/http_input.conf
@@ -4,6 +4,7 @@ input {
 id => "tpot"
 host => "0.0.0.0"
 port => "64305"
+ ecs_compatibility => disabled
 }
 }
diff --git a/docker/elk/logstash/dist/pipelines.yml b/docker/elk/logstash/dist/pipelines.yml
index e7d53bfe..1e7e638f 100644
--- a/docker/elk/logstash/dist/pipelines.yml
+++ b/docker/elk/logstash/dist/pipelines.yml
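Review bot: The added `rm /etc/logstash/logstash.yml` in docker/elk/logstash/Dockerfile has no comment saying why the packaged settings file is deleted, and it lands in the same RUN chain that moves the three pipeline files out of `/etc/logstash/conf.d/`. Once the file is gone, every setting it carried falls back to Logstash's defaults or to whatever settings directory the entrypoint selects, which is not visible in this hunk. A comment line in the existing `#` style, for example `# Remove packaged logstash.yml, settings come from /usr/share/logstash/config (confirm)`, would record the intent. Both `rm` calls run without `-f`, so the build fails if the package stops shipping either file; that fail-loud behaviour looks intentional and is worth keeping. The RUN instruction begins and ends outside the hunk.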
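Review bot: The new message in the `else` branch of docker/elk/logstash/dist/entrypoint.sh, `T-Pot ILM already configured or ES not available.`, reports two different states as one, and the second of them means the ILM retention policy was never applied. An operator reading the container log cannot tell whether retention is in force or Elasticsearch was simply unreachable at start-up. Consider testing reachability separately and printing a distinct warning to stderr for that case, e.g. `echo "Elasticsearch not reachable, ILM policy not applied." >&2`. How `myTPOTILM` is computed is outside this hunk, so the exact condition to split on has to be checked there.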
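Review bot: The `http` input in docker/elk/logstash/dist/http_input.conf listens on `host => "0.0.0.0"` port 64305, and the lines of the block visible here set neither credentials nor TLS, so the pipeline accepts events from any client that can reach the port. The commit leaves that as it was, but the block should say what protects it, e.g. `# No auth/TLS on this listener: expose only via loopback or an authenticating proxy`; the plugin's `user` and `password` options are the fallback if it is ever reachable directly. How the port is published is decided in the compose files and is not part of this hunk. Separately, the added `ecs_compatibility => disabled` repeats `pipeline.ecs_compatibility: disabled`, which pipelines.yml already sets for the `http_input` pipeline, so one of the two could be dropped or the duplication explained.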
@@ -1,6 +1,6 @@
 - pipeline.id: logstash
- path.config: "/etc/logstash/conf.d/logstash.conf"
+ path.config: "/etc/logstash/logstash.conf"
 pipeline.ecs_compatibility: disabled
 - pipeline.id: http_input
- path.config: "/etc/logstash/conf.d/http_input.conf"
+ path.config: "/etc/logstash/http_input.conf"
 pipeline.ecs_compatibility: disabled
diff --git a/docker/elk/logstash/dist/pipelines_sensor.yml b/docker/elk/logstash/dist/pipelines_sensor.yml
index a3bf7619..4e5ca5a7 100644
--- a/docker/elk/logstash/dist/pipelines_sensor.yml
+++ b/docker/elk/logstash/dist/pipelines_sensor.yml
@@ -1,3 +1,3 @@
 - pipeline.id: http_output
- path.config: "/etc/logstash/conf.d/http_output.conf"
+ path.config: "/etc/logstash/http_output.conf"
 pipeline.ecs_compatibility: disabled
diff --git a/etc/compose/collector.yml b/etc/compose/collector.yml
index ee9de23a..c176aed6 100644
--- a/etc/compose/collector.yml
+++ b/etc/compose/collector.yml
@@ -151,8 +151,8 @@ services:
 logstash:
 container_name: logstash
 restart: always
-# environment:
-# - LS_JAVA_OPTS=-Xms2048m -Xmx2048m
+ environment:
+ - LS_JAVA_OPTS=-Xms1024m -Xmx1024m
 depends_on:
 elasticsearch:
 condition: service_healthy
diff --git a/etc/compose/hive.yml b/etc/compose/hive.yml
index e17532bf..f11f06a6 100644
--- a/etc/compose/hive.yml
+++ b/etc/compose/hive.yml
@@ -18,7 +18,7 @@ services:
 restart: always
 environment:
 - bootstrap.memory_lock=true
-# - ES_JAVA_OPTS=-Xms2048m -Xmx2048m
+ - ES_JAVA_OPTS=-Xms2048m -Xmx2048m
 - ES_TMPDIR=/tmp
 cap_add:
 - IPC_LOCK
@@ -52,8 +52,8 @@ services:
 logstash:
 container_name: logstash
 restart: always
-# environment:
-# - LS_JAVA_OPTS=-Xms2048m -Xmx2048m
+ environment:
+ - LS_JAVA_OPTS=-Xms2048m -Xmx2048m
 depends_on:
 elasticsearch:
 condition: service_healthy
diff --git a/etc/compose/hive_sensor.yml b/etc/compose/hive_sensor.yml
index 680c3013..3bc84891 100644
--- a/etc/compose/hive_sensor.yml
+++ b/etc/compose/hive_sensor.yml
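Review bot: `LS_JAVA_OPTS=-Xms1024m -Xmx1024m` is now hard-coded in the logstash service of etc/compose/collector.yml, and the same two lines are repeated in hive_sensor.yml, industrial.yml, log4j.yml, medical.yml, mini.yml, nextgen.yml, standard.yml and tarpit.yml, while hive.yml uses 2048m. Nothing in these hunks records why the heap differs or how it relates to the container memory limit; only hive_sensor.yml shows a `mem_limit: 2g` next to the setting. A short comment above the entry, e.g. `# JVM heap; keep well below the container mem_limit`, would help whoever tunes it later. Since hive_sensor.yml already loads `/opt/tpot/etc/compose/elk_environment` through `env_file`, defining the value once there is an option if the other logstash services load that file too, which is not visible here.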
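Review bot: In etc/compose/hive.yml the logstash heap is enabled at `-Xms2048m -Xmx2048m`; if this service carries the same `mem_limit: 2g` that hive_sensor.yml shows for logstash, the heap alone equals the container limit and the JVM's non-heap memory would push it over. The container would then be OOM-killed and brought back by `restart: always`, losing whatever events were in flight. The limit is not visible in this hunk, so it needs checking; either raise it or use `- LS_JAVA_OPTS=-Xms1024m -Xmx1024m` as the other compose files do. The same check applies to the elasticsearch hunk in this file, where `ES_JAVA_OPTS=-Xms2048m -Xmx2048m` is enabled alongside `bootstrap.memory_lock=true`.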
@@ -508,8 +508,8 @@ services:
 logstash:
 container_name: logstash
 restart: always
-# environment:
-# - LS_JAVA_OPTS=-Xms2048m -Xmx2048m
+ environment:
+ - LS_JAVA_OPTS=-Xms1024m -Xmx1024m
 env_file:
 - /opt/tpot/etc/compose/elk_environment
 mem_limit: 2g
diff --git a/etc/compose/industrial.yml b/etc/compose/industrial.yml
index e69cd9df..a1652bbc 100644
--- a/etc/compose/industrial.yml
+++ b/etc/compose/industrial.yml
@@ -322,8 +322,8 @@ services:
 logstash:
 container_name: logstash
 restart: always
-# environment:
-# - LS_JAVA_OPTS=-Xms2048m -Xmx2048m
+ environment:
+ - LS_JAVA_OPTS=-Xms1024m -Xmx1024m
 depends_on:
 elasticsearch:
 condition: service_healthy
diff --git a/etc/compose/log4j.yml b/etc/compose/log4j.yml
index 105806ed..387534c6 100644
--- a/etc/compose/log4j.yml
+++ b/etc/compose/log4j.yml
@@ -141,8 +141,8 @@ services:
 logstash:
 container_name: logstash
 restart: always
-# environment:
-# - LS_JAVA_OPTS=-Xms2048m -Xmx2048m
+ environment:
+ - LS_JAVA_OPTS=-Xms1024m -Xmx1024m
 depends_on:
 elasticsearch:
 condition: service_healthy
diff --git a/etc/compose/medical.yml b/etc/compose/medical.yml
index b330e4e8..e0209030 100644
--- a/etc/compose/medical.yml
+++ b/etc/compose/medical.yml
@@ -135,8 +135,8 @@ services:
 logstash:
 container_name: logstash
 restart: always
-# environment:
-# - LS_JAVA_OPTS=-Xms2048m -Xmx2048m
+ environment:
+ - LS_JAVA_OPTS=-Xms1024m -Xmx1024m
 depends_on:
 elasticsearch:
 condition: service_healthy
diff --git a/etc/compose/mini.yml b/etc/compose/mini.yml
index c14b1387..a9e91b6c 100644
--- a/etc/compose/mini.yml
+++ b/etc/compose/mini.yml
@@ -160,8 +160,8 @@ services:
 logstash:
 container_name: logstash
 restart: always
-# environment:
-# - LS_JAVA_OPTS=-Xms2048m -Xmx2048m
+ environment:
+ - LS_JAVA_OPTS=-Xms1024m -Xmx1024m
 depends_on:
 elasticsearch:
 condition: service_healthy
diff --git a/etc/compose/nextgen.yml b/etc/compose/nextgen.yml
index aed417e8..e62533db 100644
--- a/etc/compose/nextgen.yml
+++ b/etc/compose/nextgen.yml
@@ -466,8 +466,8 @@ services:
 logstash:
 container_name: logstash
 restart: always
-# environment:
-# - LS_JAVA_OPTS=-Xms2048m -Xmx2048m
+ environment:
+ - LS_JAVA_OPTS=-Xms1024m -Xmx1024m
 depends_on:
 elasticsearch:
 condition: service_healthy
diff --git a/etc/compose/standard.yml b/etc/compose/standard.yml
index ac572426..176e2179 100644
--- a/etc/compose/standard.yml
+++ b/etc/compose/standard.yml
@@ -545,8 +545,8 @@ services:
 logstash:
 container_name: logstash
 restart: always
-# environment:
-# - LS_JAVA_OPTS=-Xms2048m -Xmx2048m
+ environment:
+ - LS_JAVA_OPTS=-Xms1024m -Xmx1024m
 depends_on:
 elasticsearch:
 condition: service_healthy
diff --git a/etc/compose/tarpit.yml b/etc/compose/tarpit.yml
index 9106611b..b3427409 100644
--- a/etc/compose/tarpit.yml
+++ b/etc/compose/tarpit.yml
@@ -178,8 +178,8 @@ services:
 logstash:
 container_name: logstash
 restart: always
-# environment:
-# - LS_JAVA_OPTS=-Xms2048m -Xmx2048m
+ environment:
+ - LS_JAVA_OPTS=-Xms1024m -Xmx1024m
 depends_on:
 elasticsearch:
 condition: service_healthy