diff --git a/salt/logstash/conf/conf.enabled.txt.so-eval b/salt/logstash/conf/conf.enabled.txt.so-eval
index 71e50525f..5c85ab8ac 100644
--- a/salt/logstash/conf/conf.enabled.txt.so-eval
+++ b/salt/logstash/conf/conf.enabled.txt.so-eval
@@ -107,3 +107,5 @@
/usr/share/logstash/pipeline.dynamic/9500_output_beats.conf
/usr/share/logstash/pipeline.dynamic/9600_output_ossec.conf
/usr/share/logstash/pipeline.dynamic/9998_output_test_data.conf
+/usr/share/logstash/pipeline.dynamic/7100_osquery_wel.conf
+/usr/share/logstash/pipeline.dynamic/9100_output_osquery.conf
diff --git a/salt/logstash/files/dynamic/0006_input_beats.conf b/salt/logstash/files/dynamic/0006_input_beats.conf
index c7cab30b7..b9f03c979 100644
--- a/salt/logstash/files/dynamic/0006_input_beats.conf
+++ b/salt/logstash/files/dynamic/0006_input_beats.conf
@@ -25,7 +25,7 @@ filter {
add_field => { "syslog-host_from" => "%{[beat][name]}" }
remove_field => [ "beat", "prospector", "input", "offset" ]
}
-
+ }
if [type] == "osquery" {
mutate {
remove_tag => ["beat"]
@@ -35,6 +35,5 @@ filter {
source => "message"
target => "osquery"
}
- }
}
diff --git a/salt/logstash/files/custom/parsers/7100_osquery_wel.conf b/salt/logstash/files/dynamic/7100_osquery_wel.conf
similarity index 70%
rename from salt/logstash/files/custom/parsers/7100_osquery_wel.conf
rename to salt/logstash/files/dynamic/7100_osquery_wel.conf
index 3dea60269..b4d77d83f 100644
--- a/salt/logstash/files/custom/parsers/7100_osquery_wel.conf
+++ b/salt/logstash/files/dynamic/7100_osquery_wel.conf
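Review bot: The two new entries are appended after `9998_output_test_data.conf`, which breaks the numeric ordering the visible part of the list follows; `7100_osquery_wel.conf` belongs at its 7xxx position and `9100_output_osquery.conf` before `9500_output_beats.conf`. If this list only selects which files Salt copies into the pipeline directory and Logstash then orders them by filename, the effect is cosmetic, but a sorted list makes it obvious at a glance that the osquery parser runs before the outputs. I cannot see the earlier part of the list, so the exact insertion points need checking against it.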
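Review bot: The added `}` closes a block whose opening `if` is above the hunk, so the hunk alone does not show which condition it terminates; together with the brace removed in the next hunk the net effect appears to be that `if [type] == "osquery"` becomes a sibling of the preceding block instead of being nested inside it, and that intent deserves a comment such as `# osquery events are handled independently of the beats block above`. Note that `[type]` is supplied by the shipper, so any beats client that can reach this input can route its events into the osquery branch and have `message` parsed into `[osquery]`; the hunk adds no check on the source, which is worth stating explicitly if it is accepted. The block closed by the added brace starts outside the hunk.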
@@ -1,23 +1,23 @@
# Author: Josh Brower
# Last Update: 12/28/2018
-# If log is tagged osquery and there is an eventid column, then cleanup and parse out the EventData column
+# If log is tagged osquery and there is an eventid column - then cleanup and parse out the EventData column
filter {
if "osquery" in [tags] and [osquery][columns][eventid] {
- mutate {
+ mutate {
gsub => ["[osquery][columns][data]", "\\x0A", ""]
}
- json {
+ json {
source => "[osquery][columns][data]"
target => "[osquery][columns][data]"
}
- mutate {
+ mutate {
merge => { "[osquery][columns]" => "[osquery][columns][data]" }
remove_field => ["[osquery][columns][data]"]
- }
+ }
}
-}
+}
\ No newline at end of file
diff --git a/salt/logstash/files/custom/parsers/9100_output_osquery.conf b/salt/logstash/files/dynamic/9100_output_osquery.conf
similarity index 93%
rename from salt/logstash/files/custom/parsers/9100_output_osquery.conf
rename to salt/logstash/files/dynamic/9100_output_osquery.conf
index 59c16347b..e95119562 100644
--- a/salt/logstash/files/custom/parsers/9100_output_osquery.conf
+++ b/salt/logstash/files/dynamic/9100_output_osquery.conf
@@ -4,7 +4,7 @@
{%- set ES = salt['pillar.get']('node:mainip', '') -%}
{%- endif %}
# Author: Josh Brower
-# Last Update: 12/28/2018
+# Last Update: 12/29/2018
# Output to ES for osquery tagged logs
@@ -16,4 +16,4 @@ output {
template => "/logstash-template.json"
}
}
-}
+}
\ No newline at end of file
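Review bot: `remove_field => ["[osquery][columns][data]"]` in the final `mutate` runs regardless of whether the preceding `json` filter managed to parse `[osquery][columns][data]`, so a malformed EventData payload is discarded from the event instead of being kept for investigation; wrap the merge/remove step in `if "_jsonparsefailure" not in [tags] { ... }` so the raw field survives on parse failure. As far as I recall, `merge` of two hashes in the mutate filter is a key-wise update, which means a key such as `eventid` inside the event-log payload would overwrite the column the `if` condition relies on — merging into a dedicated subfield (e.g. `[osquery][columns][eventdata]`) avoids letting log content redefine metadata. Separately, this file gates on `"osquery" in [tags]` while `0006_input_beats.conf` routes on `[type] == "osquery"`; nothing in this diff adds that tag, so confirm the shipper or an earlier filter sets it or the parser never fires. The file also now ends without a trailing newline, which is a style regression.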