diff --git a/salt/filebeat/etc/filebeat.yml b/salt/filebeat/etc/filebeat.yml
index 0f9b0dcf2..5d659a406 100644
--- a/salt/filebeat/etc/filebeat.yml
+++ b/salt/filebeat/etc/filebeat.yml
@@ -193,6 +193,9 @@ output.elasticsearch:
 - index: "so-ossec-%{+yyyy.MM.dd}"
 when.contains:
 module: "ossec"
+ - index: "so-strelka-%{+yyyy.MM.dd}"
+ when.contains:
+ module: "strelka"
 #output.logstash:
 # Boolean flag to enable or disable the output module.
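Review bot: The added rule selects on `when.contains`, which for a string field is a substring match, so any event whose `module` value merely contains "strelka" is written to `so-strelka-*`, not only events from the Strelka input. Index-scoped roles, retention and detections then depend on that loose match; `when.equals:` with `module: "strelka"` pins the route to the exact value. The `so-ossec` rule just above uses the same form and could be tightened together with it. Where `module` is assigned is outside this hunk, as is the rest of the `indices` list, so confirm it is a fixed field set on the input rather than taken from the decoded scan output, and that no earlier rule in the list matches first.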