diff --git a/salt/telegraf/scripts/zeekloss.sh b/salt/telegraf/scripts/zeekloss.sh
index 9a64ef4dd..0cdef896c 100644
--- a/salt/telegraf/scripts/zeekloss.sh
+++ b/salt/telegraf/scripts/zeekloss.sh
@@ -29,15 +29,22 @@ echo $$ > $lf
 ZEEKLOG=$(tac /host/nsm/zeek/logs/packetloss.log | head -2)
 declare RESULT=($ZEEKLOG)
 CURRENTDROP=${RESULT[3]}
-PASTDROP=${RESULT[9]}
-DROPPED=$((CURRENTDROP - PASTDROP))
-if [ $DROPPED == 0 ]; then
+# zeek likely not running if this is true
+if [[ $CURRENTDROP == "rcvd:" ]]; then
+  CURRENTDROP=0
+  PASTDROP=0
+  DROPPED=0
+else
+  PASTDROP=${RESULT[9]}
+  DROPPED=$((CURRENTDROP - PASTDROP))
+fi
+if [[ "$DROPPED" -le 0 ]]; then
   LOSS=0
   echo "zeekdrop drop=0"
 else
   CURRENTPACKETS=${RESULT[5]}
   PASTPACKETS=${RESULT[11]}
   TOTAL=$((CURRENTPACKETS - PASTPACKETS))
-  LOSS=$(echo $DROPPED $TOTAL / p | dc)
+  LOSS=$(echo 4k $DROPPED $TOTAL / p | dc)
   echo "zeekdrop drop=$LOSS"
-fi
+fi
\ No newline at end of file