diff --git a/salt/elasticsearch/files/ingest/filterlog b/salt/elasticsearch/files/ingest/filterlog
index 2e912485b..10d2088c2 100644
--- a/salt/elasticsearch/files/ingest/filterlog
+++ b/salt/elasticsearch/files/ingest/filterlog
@@ -34,7 +34,7 @@
      },
      {
         "dissect": {
-                "if": "ctx.protocol == 'udp'",
+                "if": "ctx.network?.transport == 'udp'",
                 "field": "ip_sub_msg",
                 "pattern" : "%{source.port},%{destination.port},%{data.length}",
                 "on_failure" : [ {"set" : {"field" : "error.message","value" : "{{ _ingest.on_failure_message }}"}}]