diff --git a/docker/elk/logstash/Dockerfile b/docker/elk/logstash/Dockerfile
index 136c626f..26c9a568 100644
--- a/docker/elk/logstash/Dockerfile
+++ b/docker/elk/logstash/Dockerfile
@@ -15,7 +15,7 @@ RUN apk -U --no-cache add \
 libc6-compat \
 libzmq \
 nss && \
- apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing openjdk16-jre && \
+ apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/community openjdk16-jre && \
 #
 # Get and install packages
 mkdir -p /etc/listbot && \
diff --git a/docker/elk/logstash/dist/logstash.conf b/docker/elk/logstash/dist/logstash.conf
index daba56be..ae937fdf 100644
--- a/docker/elk/logstash/dist/logstash.conf
+++ b/docker/elk/logstash/dist/logstash.conf
@@ -425,7 +425,7 @@ filter {
 # Example: 2021-10-29T21:08:31.026Z CLOSE host=1.2.3.4 port=12345 fd=4 time=20.015 bytes=24
 # Example: 2021-10-29T21:08:11.011Z ACCEPT host=1.2.3.4 port=12346 fd=4 n=1/4096
 if [type] == "Endlessh" {
- grok { match => { "message" => [ "\A%{TIMESTAMP_ISO8601:timestamp}%{SPACE}%{WORD:reason}%{SPACE}host=%{IPV4:src_ip}%{SPACE}port=%{INT:src_port}%{SPACE}fd=%{INT}%{SPACE}time=%{SECOND:DURATION}%{SPACE}bytes=%{NUMBER:BYTES}", "\A%{TIMESTAMP_ISO8601:timestamp}%{SPACE}%{WORD:reason}%{SPACE}host=%{IPV4:src_ip}%{SPACE}port=%{INT:src_port}%{SPACE}fd=%{INT}%{SPACE}n=%{INT}/%{INT}" ] } }
+ grok { match => { "message" => [ "\A%{TIMESTAMP_ISO8601:timestamp}%{SPACE}%{WORD:reason}%{SPACE}host=%{IPV4:src_ip}%{SPACE}port=%{INT:src_port}%{SPACE}fd=%{INT}%{SPACE}time=%{SECOND:duration}%{SPACE}bytes=%{NUMBER:bytes}", "\A%{TIMESTAMP_ISO8601:timestamp}%{SPACE}%{WORD:reason}%{SPACE}host=%{IPV4:src_ip}%{SPACE}port=%{INT:src_port}%{SPACE}fd=%{INT}%{SPACE}n=%{INT}/%{INT}" ] } }
 date {
 match => [ "timestamp", "ISO8601" ]
 remove_field => ["timestamp"]
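Review bot: The JRE is still pulled from an unpinned `edge` repository over plain http, so the commit only changes which moving target (`edge/community` instead of `edge/testing`) each build resolves against; apk's signature check covers package integrity, but nothing fixes which openjdk16-jre build ends up in the image. Consider pinning the package, `apk add --no-cache -X https://dl-cdn.alpinelinux.org/alpine/edge/community openjdk16-jre=<VERSION_PLACEHOLDER>`, or at least switching the mirror to https so the index and packages are not fetched in the clear. If the base image is a stable Alpine release, mixing in an edge repository can also pull newer shared libraries than the rest of the image expects; a one-line comment stating why edge is required would help the next maintainer. The RUN instruction starts and continues outside the hunk.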
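Review bot: The CLOSE pattern on the new grok line still uses `%{SECOND:duration}`, and the stock SECOND pattern only matches values from 0 to 60 with an optional fraction, so a `time=` value of 60 seconds or more fails the match and the event is tagged `_grokparsefailure` instead of getting `duration` and `bytes`; the `time=20.015` example fits, but longer connection times would not. `%{NUMBER:duration:float}` accepts the whole range, and while touching it `%{NUMBER:bytes:int}` and `%{INT:src_port:int}` make these fields numeric in the event instead of strings (Elasticsearch does not detect numbers inside strings by default, so unless the index template already types them they would be mapped as text/keyword). The enclosing `if [type] == "Endlessh"` block continues past the hunk with a date filter.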
@@ -458,6 +458,14 @@ filter {
 "dest_port" => "80"
 "dest_ip" => "${MY_EXTIP}"
 }
+ rename => {
+ "BYTES" => "bytes"
+ "DURATION" => "duration"
+ "REMOTE_ADDR" => "src_ip"
+ "URL" => "url"
+ "USERAGENT" => "http_user_agent"
+ "message" => "reason"
+ }
 }
 }
@@ -670,15 +678,13 @@ if "_jsonparsefailure" in [tags] { drop {} } }
 # Add T-Pot hostname and external IP
-# if [type] == "Adbhoney" or [type] == "Ciscoasa" or [type] == "CitrixHoneypot" or [type] == "ConPot" or [type] == "Cowrie" or [type] == "Dicompot" or [type] == "Dionaea" or [type] == "ElasticPot" or [type] == "Fatt" or [type] == "Glutton" or [type] == "Honeysap" or [type] == "Honeytrap" or [type] == "Heralding" or [type] == "Honeypy" or [type] == "Ipphoney" or [type] == "Mailoney" or [type] == "Medpot" or [type] == "P0f" or [type] == "Rdpy" or [type] == "Suricata" or [type] == "Tanner" {
- mutate {
- add_field => {
- "t-pot_ip_ext" => "${MY_EXTIP}"
- "t-pot_ip_int" => "${MY_INTIP}"
- "t-pot_hostname" => "${MY_HOSTNAME}"
- }
+ mutate {
+ add_field => {
+ "t-pot_ip_ext" => "${MY_EXTIP}"
+ "t-pot_ip_int" => "${MY_INTIP}"
+ "t-pot_hostname" => "${MY_HOSTNAME}"
 }
-# }
+ }
 }
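Review bot: The new `rename` moves `BYTES` and `DURATION` to `bytes` and `duration` but does not type them, so if the source emits them as strings they stay strings after the rename; the same mutate can add `convert => { "bytes" => "integer" "duration" => "float" }` (mutate applies rename before convert, so the new names are the ones to convert). `"message" => "reason"` also removes the event's `message` field entirely, which deserves a comment if anything later in the pipeline keys on `[message]` for this type, and a rename replaces a `reason` field that already exists on the event. The `if [type]` header of this block is outside the hunk, so which source these fields come from cannot be confirmed here.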