diff --git a/salt/logstash/pipelines/config/so/0011_input_endgame.conf b/salt/logstash/pipelines/config/so/0011_input_endgame.conf
index b87d8e9b2..375585957 100644
--- a/salt/logstash/pipelines/config/so/0011_input_endgame.conf
+++ b/salt/logstash/pipelines/config/so/0011_input_endgame.conf
@@ -3,6 +3,8 @@ input {
 id => "endgame_data"
 port => 3765
 codec => es_bulk
+ request_headers_target_field => client_headers
+ remote_host_target_field => client_host
 ssl => true
 ssl_certificate_authorities => ["/usr/share/filebeat/ca.crt"]
 ssl_certificate => "/usr/share/logstash/filebeat.crt"
diff --git a/salt/logstash/pipelines/config/so/9900_output_endgame.conf.jinja b/salt/logstash/pipelines/config/so/9900_output_endgame.conf.jinja
index f23913637..b5920fe40 100644
--- a/salt/logstash/pipelines/config/so/9900_output_endgame.conf.jinja
+++ b/salt/logstash/pipelines/config/so/9900_output_endgame.conf.jinja
@@ -8,7 +8,7 @@ filter {
 if [event][module] =~ "endgame" {
 mutate {
- remove_field => ["headers", "host"]
+ remove_field => ["client_headers", "client_host"]
 }
 }
 }
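Review bot: The two options added in 0011_input_endgame.conf (`request_headers_target_field`, `remote_host_target_field`) introduce field names that must match the `remove_field` list in 9900_output_endgame.conf.jinja exactly, and nothing in the input file records that dependency. A comment above them would keep the pair in sync, for example `# client_headers / client_host are stripped again in 9900_output_endgame.conf.jinja; rename both places together`. The values are also bare words while the neighbouring string settings are quoted, so `request_headers_target_field => "client_headers"` and `remote_host_target_field => "client_host"` would read more consistently. The enclosing input block starts and ends outside the hunk.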
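Review bot: In 9900_output_endgame.conf.jinja the `remove_field` is still gated on `[event][module] =~ "endgame"`, whereas the input hunk writes `client_headers` and `client_host` for every request the listener accepts. If a document can arrive on that input without a matching `event.module` (not verifiable from these hunks), the request headers, which may carry credentials such as an Authorization value, and the sender address would pass through to the output and be stored. Either key the `mutate` on something the input itself sets, such as a tag added in the input block, or state the assumption next to the condition, e.g. `# relies on every endgame_data event having event.module set; otherwise client_headers/client_host are not removed`. The filter block continues outside the hunk.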