diff --git a/salt/elasticsearch/files/ingest/zeek.software b/salt/elasticsearch/files/ingest/zeek.software
index f5d3d1013..11298ba0b 100644
--- a/salt/elasticsearch/files/ingest/zeek.software
+++ b/salt/elasticsearch/files/ingest/zeek.software
@@ -11,7 +11,7 @@
     { "dot_expander": 	{ "field": "version.minor2", 		"path": "message2", 			"ignore_failure": true 	} },
     { "rename": 	{ "field": "message2.version.minor2", 	"target_field": "software.version.minor2",	"ignore_missing": true 	} },
     { "dot_expander": 	{ "field": "version.minor3", 		"path": "message2", 			"ignore_failure": true 	} },
-    { "rename": 	{ "field": "message2.version.minor3", 	"target_field": "version.minor3",	"ignore_missing": true 	} },
+    { "rename": 	{ "field": "message2.version.minor3", 	"target_field": "software.version.minor3",	"ignore_missing": true 	} },
     { "dot_expander": 	{ "field": "version.addl", 		"path": "message2", 			"ignore_failure": true 	} },
     { "rename": 	{ "field": "message2.version.addl", 	"target_field": "software.version.additional_info",	"ignore_missing": true 	} },
     { "rename": 	{ "field": "message2.host", 		"target_field": "source.ip",		"ignore_missing": true 	} },