diff --git a/salt/elasticsearch/files/ingest/strelka.file b/salt/elasticsearch/files/ingest/strelka.file
index fbcf1252a..80063c531 100644
--- a/salt/elasticsearch/files/ingest/strelka.file
+++ b/salt/elasticsearch/files/ingest/strelka.file
@@ -1,6 +1,7 @@
 {
   "description" : "strelka",
   "processors" : [
+    { "set": { "field": "event.dataset", "value": "file" } },
     { "json":           { "field": "message",                        "target_field": "message2",                   "ignore_failure": true  } },
     { "rename":         { "field": "message2.file",        "target_field": "file",          "ignore_missing": true  } },
     { "rename":         { "field": "message2.scan",        "target_field": "scan",          "ignore_missing": true  } },