diff --git a/docker/elk/logstash/dist/http_output.conf b/docker/elk/logstash/dist/http_output.conf
index d3dd5716..9c1932a1 100644
--- a/docker/elk/logstash/dist/http_output.conf
+++ b/docker/elk/logstash/dist/http_output.conf
@@ -698,12 +698,15 @@ filter {
       remove_field => ["event_timestamp"]
     }
     mutate {
-      rename => {
-        "source_ip" => "src_ip"
-        "destination_ip" => "dest_ip"
-      }
+      split => ["source_ip", ":"]
+      rename => { "destination_ip" => "dest_ip" }
       add_field => { "dest_port" => "5060" }
     }
+    mutate {
+      add_field => { "src_ip" => "%{[source_ip][0]}" }
+      add_field => { "src_port" => "%{[source_ip][1]}" }
+      remove_field => ["source_ip"]
+    }
   }
 
 # Tanner
diff --git a/docker/elk/logstash/dist/logstash.conf b/docker/elk/logstash/dist/logstash.conf
index fd797ba1..ad23f165 100644
--- a/docker/elk/logstash/dist/logstash.conf
+++ b/docker/elk/logstash/dist/logstash.conf
@@ -698,12 +698,15 @@ filter {
       remove_field => ["event_timestamp"]
     }
     mutate {
-      rename => {
-        "source_ip" => "src_ip"
-        "destination_ip" => "dest_ip"
-      }
+      split => ["source_ip", ":"]
+      rename => { "destination_ip" => "dest_ip" }
       add_field => { "dest_port" => "5060" }
     }
+    mutate {
+      add_field => { "src_ip" => "%{[source_ip][0]}" }
+      add_field => { "src_port" => "%{[source_ip][1]}" }
+      remove_field => ["source_ip"]
+    }
   }
 
 # Tanner
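Review bot: The unconditional `split => ["source_ip", ":"]` assumes every `source_ip` value is exactly `host:port` with a single colon; an IPv6 source (which carries its own colons) would be cut into several elements, so `%{[source_ip][0]}` and `%{[source_ip][1]}` would populate `src_ip`/`src_port` with fragments of the address, and a value with no colon at all leaves `src_port` holding the literal string `%{[source_ip][1]}` because Logstash does not resolve a missing sprintf reference. Since `src_ip` feeds the downstream enrichment and dashboards, a malformed or attacker-shaped value here quietly corrupts attribution rather than failing loudly. Whether Sentrypeer can emit IPv6 or port-less values is not visible in the hunk, so I would guard the split with a pattern match and keep the old plain rename as the fallback. The same change appears in the logstash.conf hunk and needs the same guard; the enclosing `if [type]` block starts above both hunks.

```conf
    if [source_ip] =~ /^[^:]+:[0-9]+$/ {
      mutate { split => ["source_ip", ":"] }
      mutate {
        add_field => { "src_ip" => "%{[source_ip][0]}" "src_port" => "%{[source_ip][1]}" }
        remove_field => ["source_ip"]
      }
    } else {
      # unexpected shape (IPv6, no port): keep the address intact and tag for review
      mutate { rename => { "source_ip" => "src_ip" } add_tag => ["_source_ip_unparsed"] }
    }
    # … unchanged: destination_ip rename and dest_port add_field …
```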