diff --git a/salt/filebeat/map.jinja b/salt/filebeat/map.jinja
index b5df8fea5..6ae6e7cff 100644
--- a/salt/filebeat/map.jinja
+++ b/salt/filebeat/map.jinja
@@ -4,7 +4,3 @@
 {% import_yaml 'filebeat/securityoniondefaults.yaml' as SODEFAULTS %}
 {% set SO = SODEFAULTS.securityonion_filebeat %}
 {#% set SO = salt['pillar.get']('filebeat:third_party_filebeat', default=SODEFAULTS.third_party_filebeat, merge=True) %#}
-
-{% set ZEEKLOGLOOKUP = {
-    'conn': 'connection',
-} %}
diff --git a/salt/filebeat/securityoniondefaults.yaml b/salt/filebeat/securityoniondefaults.yaml
index 58eef8361..0a1459d6b 100644
--- a/salt/filebeat/securityoniondefaults.yaml
+++ b/salt/filebeat/securityoniondefaults.yaml
@@ -1,5 +1,7 @@
 {%- set ZEEKVER = salt['pillar.get']('global:mdengine', '') %}
-{% from 'filebeat/map.jinja' import ZEEKLOGLOOKUP with context %}
+{% set ZEEKLOGLOOKUP = {
+    'conn': 'connection',
+} %}
 
 securityonion_filebeat:
   modules: