diff --git a/salt/filebeat/etc/filebeat.yml b/salt/filebeat/etc/filebeat.yml
index ac4e0fe6f..9dd00503c 100644
--- a/salt/filebeat/etc/filebeat.yml
+++ b/salt/filebeat/etc/filebeat.yml
@@ -128,9 +128,9 @@ filebeat.inputs:
         imported: true
     processors:
       - dissect:
-        tokenizer: "/nsm/import/%{import_id}/zeek/logs/%{import_source}"
-        field: "source"
-        target_prefix: ""
+          tokenizer: "/nsm/import/%{import_id}/zeek/logs/%{import_source}"
+          field: "source"
+          target_prefix: ""
       - drop_fields:
         fields: ["source", "prospector", "input", "offset", "beat"]
  
@@ -166,9 +166,9 @@ filebeat.inputs:
       imported: true 
     processors:
     - dissect:
-      tokenizer: "/nsm/import/%{import_id}/suricata/%{import_source}"
-      field: "source"
-      target_prefix: ""
+        tokenizer: "/nsm/import/%{import_id}/suricata/%{import_source}"
+        field: "source"
+        target_prefix: ""
     - drop_fields:
         fields: ["source", "prospector", "input", "offset", "beat"]