diff --git a/salt/logstash/files/dynamic/9000_output_bro.conf b/salt/logstash/files/dynamic/9000_output_bro.conf
index c4119e5de..01853270d 100644
--- a/salt/logstash/files/dynamic/9000_output_bro.conf
+++ b/salt/logstash/files/dynamic/9000_output_bro.conf
@@ -1,4 +1,6 @@
-{%- if grains['role'] != 'so-master' -%}
+{%- if grains['role'] == 'so-eval' -%}
+{%- set ES = salt['pillar.get']('master:mainip', '') -%}
+{%- else %}
 {%- set ES = salt['pillar.get']('node:mainip', '') -%}
 # Author: Justin Henderson
 #         SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics
diff --git a/salt/logstash/files/dynamic/9001_output_switch.conf b/salt/logstash/files/dynamic/9001_output_switch.conf
index c3dea84da..86ffbcec6 100644
--- a/salt/logstash/files/dynamic/9001_output_switch.conf
+++ b/salt/logstash/files/dynamic/9001_output_switch.conf
@@ -1,4 +1,6 @@
-{%- if grains['role'] != 'so-master' -%}
+{%- if grains['role'] == 'so-eval' -%}
+{%- set ES = salt['pillar.get']('master:mainip', '') -%}
+{%- else %}
 {%- set ES = salt['pillar.get']('node:mainip', '') -%}
 # Author: Justin Henderson
 #         SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics
diff --git a/salt/logstash/files/dynamic/9002_output_import.conf b/salt/logstash/files/dynamic/9002_output_import.conf
index 0a9d34726..80ab621aa 100644
--- a/salt/logstash/files/dynamic/9002_output_import.conf
+++ b/salt/logstash/files/dynamic/9002_output_import.conf
@@ -1,4 +1,6 @@
-{%- if grains['role'] != 'so-master' -%}
+{%- if grains['role'] == 'so-eval' -%}
+{%- set ES = salt['pillar.get']('master:mainip', '') -%}
+{%- else %}
 {%- set ES = salt['pillar.get']('node:mainip', '') -%}
 # Updated by: Doug Burks
 # Last Update: 5/16/2017
diff --git a/salt/logstash/files/dynamic/9004_output_flow.conf b/salt/logstash/files/dynamic/9004_output_flow.conf
index ae37961c5..5ef3ca63e 100644
--- a/salt/logstash/files/dynamic/9004_output_flow.conf
+++ b/salt/logstash/files/dynamic/9004_output_flow.conf
@@ -1,4 +1,6 @@
-{%- if grains['role'] != 'so-master' -%}
+{%- if grains['role'] == 'so-eval' -%}
+{%- set ES = salt['pillar.get']('master:mainip', '') -%}
+{%- else %}
 {%- set ES = salt['pillar.get']('node:mainip', '') -%}
 # Author: Justin Henderson
 #         SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics
diff --git a/salt/logstash/files/dynamic/9026_output_dhcp.conf b/salt/logstash/files/dynamic/9026_output_dhcp.conf
index a6bb24850..0bc0b7233 100644
--- a/salt/logstash/files/dynamic/9026_output_dhcp.conf
+++ b/salt/logstash/files/dynamic/9026_output_dhcp.conf
@@ -1,4 +1,6 @@
-{%- if grains['role'] != 'so-master' -%}
+{%- if grains['role'] == 'so-eval' -%}
+{%- set ES = salt['pillar.get']('master:mainip', '') -%}
+{%- else %}
 {%- set ES = salt['pillar.get']('node:mainip', '') -%}
 # Author: Justin Henderson
 #         SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics
diff --git a/salt/logstash/files/dynamic/9029_output_esxi.conf b/salt/logstash/files/dynamic/9029_output_esxi.conf
index d7b37f03e..d0b9aedcb 100644
--- a/salt/logstash/files/dynamic/9029_output_esxi.conf
+++ b/salt/logstash/files/dynamic/9029_output_esxi.conf
@@ -1,4 +1,6 @@
-{%- if grains['role'] != 'so-master' -%}
+{%- if grains['role'] == 'so-eval' -%}
+{%- set ES = salt['pillar.get']('master:mainip', '') -%}
+{%- else %}
 {%- set ES = salt['pillar.get']('node:mainip', '') -%}
 # Author: Justin Henderson
 #         SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics
diff --git a/salt/logstash/files/dynamic/9030_output_greensql.conf b/salt/logstash/files/dynamic/9030_output_greensql.conf
index b8a4ff1ac..87d73a2ce 100644
--- a/salt/logstash/files/dynamic/9030_output_greensql.conf
+++ b/salt/logstash/files/dynamic/9030_output_greensql.conf
@@ -1,4 +1,6 @@
-{%- if grains['role'] != 'so-master' -%}
+{%- if grains['role'] == 'so-eval' -%}
+{%- set ES = salt['pillar.get']('master:mainip', '') -%}
+{%- else %}
 {%- set ES = salt['pillar.get']('node:mainip', '') -%}
 # Author: Justin Henderson
 #         SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics
diff --git a/salt/logstash/files/dynamic/9031_output_iis.conf b/salt/logstash/files/dynamic/9031_output_iis.conf
index 0073a18aa..7e03de66a 100644
--- a/salt/logstash/files/dynamic/9031_output_iis.conf
+++ b/salt/logstash/files/dynamic/9031_output_iis.conf
@@ -1,4 +1,6 @@
-{%- if grains['role'] != 'so-master' -%}
+{%- if grains['role'] == 'so-eval' -%}
+{%- set ES = salt['pillar.get']('master:mainip', '') -%}
+{%- else %}
 {%- set ES = salt['pillar.get']('node:mainip', '') -%}
 # Author: Justin Henderson
 #         SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics
diff --git a/salt/logstash/files/dynamic/9032_output_mcafee.conf b/salt/logstash/files/dynamic/9032_output_mcafee.conf
index efaa9ed24..154e7ffc2 100644
--- a/salt/logstash/files/dynamic/9032_output_mcafee.conf
+++ b/salt/logstash/files/dynamic/9032_output_mcafee.conf
@@ -1,4 +1,6 @@
-{%- if grains['role'] != 'so-master' -%}
+{%- if grains['role'] == 'so-eval' -%}
+{%- set ES = salt['pillar.get']('master:mainip', '') -%}
+{%- else %}
 {%- set ES = salt['pillar.get']('node:mainip', '') -%}
 # Author: Justin Henderson
 #         SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics
diff --git a/salt/logstash/files/dynamic/9033_output_snort.conf b/salt/logstash/files/dynamic/9033_output_snort.conf
index a16219494..36edace12 100644
--- a/salt/logstash/files/dynamic/9033_output_snort.conf
+++ b/salt/logstash/files/dynamic/9033_output_snort.conf
@@ -1,4 +1,6 @@
-{%- if grains['role'] != 'so-master' -%}
+{%- if grains['role'] == 'so-eval' -%}
+{%- set ES = salt['pillar.get']('master:mainip', '') -%}
+{%- else %}
 {%- set ES = salt['pillar.get']('node:mainip', '') -%}
 # Author: Justin Henderson
 #         SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics
diff --git a/salt/logstash/files/dynamic/9034_output_syslog.conf b/salt/logstash/files/dynamic/9034_output_syslog.conf
index 91a99d9b0..004373119 100644
--- a/salt/logstash/files/dynamic/9034_output_syslog.conf
+++ b/salt/logstash/files/dynamic/9034_output_syslog.conf
@@ -1,4 +1,6 @@
-{%- if grains['role'] != 'so-master' -%}
+{%- if grains['role'] == 'so-eval' -%}
+{%- set ES = salt['pillar.get']('master:mainip', '') -%}
+{%- else %}
 {%- set ES = salt['pillar.get']('node:mainip', '') -%}
 # Author: Justin Henderson
 #         SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics
diff --git a/salt/logstash/files/dynamic/9200_output_firewall.conf b/salt/logstash/files/dynamic/9200_output_firewall.conf
index 3e9f658a6..203372de1 100644
--- a/salt/logstash/files/dynamic/9200_output_firewall.conf
+++ b/salt/logstash/files/dynamic/9200_output_firewall.conf
@@ -1,4 +1,6 @@
-{%- if grains['role'] != 'so-master' -%}
+{%- if grains['role'] == 'so-eval' -%}
+{%- set ES = salt['pillar.get']('master:mainip', '') -%}
+{%- else %}
 {%- set ES = salt['pillar.get']('node:mainip', '') -%}
 # Author: Justin Henderson
 #         SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics
diff --git a/salt/logstash/files/dynamic/9300_output_windows.conf b/salt/logstash/files/dynamic/9300_output_windows.conf
index a0a1e12c7..89aa6f724 100644
--- a/salt/logstash/files/dynamic/9300_output_windows.conf
+++ b/salt/logstash/files/dynamic/9300_output_windows.conf
@@ -1,4 +1,6 @@
-{%- if grains['role'] != 'so-master' -%}
+{%- if grains['role'] == 'so-eval' -%}
+{%- set ES = salt['pillar.get']('master:mainip', '') -%}
+{%- else %}
 {%- set ES = salt['pillar.get']('node:mainip', '') -%}
 # Author: Justin Henderson
 #         SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics
diff --git a/salt/logstash/files/dynamic/9301_output_dns_windows.conf b/salt/logstash/files/dynamic/9301_output_dns_windows.conf
index 871a479b1..d8857ee3b 100644
--- a/salt/logstash/files/dynamic/9301_output_dns_windows.conf
+++ b/salt/logstash/files/dynamic/9301_output_dns_windows.conf
@@ -1,4 +1,6 @@
-{%- if grains['role'] != 'so-master' -%}
+{%- if grains['role'] == 'so-eval' -%}
+{%- set ES = salt['pillar.get']('master:mainip', '') -%}
+{%- else %}
 {%- set ES = salt['pillar.get']('node:mainip', '') -%}
 # Author: Justin Henderson
 #         SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics
diff --git a/salt/logstash/files/dynamic/9400_output_suricata.conf b/salt/logstash/files/dynamic/9400_output_suricata.conf
index 41771e41c..f5846ab00 100644
--- a/salt/logstash/files/dynamic/9400_output_suricata.conf
+++ b/salt/logstash/files/dynamic/9400_output_suricata.conf
@@ -1,4 +1,6 @@
-{%- if grains['role'] != 'so-master' -%}
+{%- if grains['role'] == 'so-eval' -%}
+{%- set ES = salt['pillar.get']('master:mainip', '') -%}
+{%- else %}
 {%- set ES = salt['pillar.get']('node:mainip', '') -%}
 # Author: Justin Henderson
 #         SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics
diff --git a/salt/logstash/files/dynamic/9500_output_beats.conf b/salt/logstash/files/dynamic/9500_output_beats.conf
index 641df21c6..50952441d 100644
--- a/salt/logstash/files/dynamic/9500_output_beats.conf
+++ b/salt/logstash/files/dynamic/9500_output_beats.conf
@@ -1,4 +1,6 @@
-{%- if grains['role'] != 'so-master' -%}
+{%- if grains['role'] == 'so-eval' -%}
+{%- set ES = salt['pillar.get']('master:mainip', '') -%}
+{%- else %}
 {%- set ES = salt['pillar.get']('node:mainip', '') -%}
 # Author: Wes Lambert
 # Last Update: 09/14/2018
diff --git a/salt/logstash/files/dynamic/9600_output_ossec.conf b/salt/logstash/files/dynamic/9600_output_ossec.conf
index ea1180ae5..23a8af16b 100644
--- a/salt/logstash/files/dynamic/9600_output_ossec.conf
+++ b/salt/logstash/files/dynamic/9600_output_ossec.conf
@@ -1,4 +1,6 @@
-{%- if grains['role'] != 'so-master' -%}
+{%- if grains['role'] == 'so-eval' -%}
+{%- set ES = salt['pillar.get']('master:mainip', '') -%}
+{%- else %}
 {%- set ES = salt['pillar.get']('node:mainip', '') -%}
 # Author: Justin Henderson
 #         SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics
diff --git a/salt/logstash/files/dynamic/9998_output_test_data.conf b/salt/logstash/files/dynamic/9998_output_test_data.conf
index 87b59db00..225ede01d 100644
--- a/salt/logstash/files/dynamic/9998_output_test_data.conf
+++ b/salt/logstash/files/dynamic/9998_output_test_data.conf
@@ -1,4 +1,6 @@
-{%- if grains['role'] != 'so-master' -%}
+{%- if grains['role'] == 'so-eval' -%}
+{%- set ES = salt['pillar.get']('master:mainip', '') -%}
+{%- else %}
 {%- set ES = salt['pillar.get']('node:mainip', '') -%}
 # Author: Justin Henderson
 #         SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics