diff --git a/salt/filebeat/etc/filebeat.yml b/salt/filebeat/etc/filebeat.yml
index 8b4520a3a..f8fb5acf5 100644
--- a/salt/filebeat/etc/filebeat.yml
+++ b/salt/filebeat/etc/filebeat.yml
@@ -30,9 +30,9 @@ filebeat.prospectors:
 paths:
 - /suricata/eve.json
 fields:
- type: snort
+ type: ids
+ engine: suricata
 fields_under_root: true
- tags: ["ids"]
 clean_removed: false
 close_removed: false
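Review bot: Removing `tags: ["ids"]` and renaming `type: snort` to `type: ids` in the same change alters both values a downstream pipeline could be routing Suricata events on, and nothing in this hunk shows the consumers being updated. If any Logstash conditional, index template or alert still matches on the old `type` value or the `ids` tag, eve.json events would skip parsing or alerting without raising an error, which is a silent detection gap. Either confirm the matching consumer change ships with this commit, or keep `tags: ["ids"]` for one release while consumers migrate. A comment above `fields:` such as `# type and engine are written at the event root (fields_under_root: true)` would also record why these two keys matter. The prospector entry starts above the hunk, so its other settings are not visible here.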