diff --git a/salt/elasticsearch/templates/component/ecs/suricata.json b/salt/elasticsearch/templates/component/ecs/suricata.json
index 1eb06d266..3f393ff6a 100644
--- a/salt/elasticsearch/templates/component/ecs/suricata.json
+++ b/salt/elasticsearch/templates/component/ecs/suricata.json
@@ -841,6 +841,10 @@
 "type": "long"
 }
 }
+ },
+ "capture_file": {
+ "type": "keyword",
+ "ignore_above": 1024
 }
 }
 }
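Review bot: The new `capture_file` mapping sets `"ignore_above": 1024`, so a value longer than 1024 characters stays in `_source` but is not indexed, and a search or aggregation on the field will silently miss that event; it is worth confirming that the capture paths the sensors produce stay under that length. The object that receives the new property opens outside the hunk, so its nesting level cannot be checked from here. If the field path does not match what the Suricata ingest pipeline emits, this explicit mapping would go unused and the real field would presumably be typed by dynamic mapping instead. A quick check is to index one event read from a pcap and compare the field's path in the resulting index mapping with this template.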