diff --git a/pillar/logstash/helix.sls b/pillar/logstash/helix.sls
new file mode 100644
index 000000000..e396a7aad
--- /dev/null
+++ b/pillar/logstash/helix.sls
@@ -0,0 +1,4 @@
+logstash:
+ pipelines:
+ helix:
+ config: "/usr/share/logstash/pipelines/helix/*.conf"
diff --git a/pillar/top.sls b/pillar/top.sls
index 8b604283e..9eb5522fe 100644
--- a/pillar/top.sls
+++ b/pillar/top.sls
@@ -48,6 +48,7 @@ base:
 - static
 - firewall.*
 - fireeye
- - static
 - brologs
+ - logstash.helix
+ - static
 - minions.{{ grains.id }}
diff --git a/salt/common/grafana/grafana_dashboards/eval/eval.json b/salt/common/grafana/grafana_dashboards/eval/eval.json
index 8dd5532d1..069226d3c 100644
--- a/salt/common/grafana/grafana_dashboards/eval/eval.json
+++ b/salt/common/grafana/grafana_dashboards/eval/eval.json
@@ -1395,7 +1395,7 @@
 "condition": "AND",
 "key": "container_name",
 "operator": "=",
- "value": "so-bro"
+ "value": "so-zeek"
 }
 ]
 }
@@ -1913,7 +1913,7 @@
 "condition": "AND",
 "key": "container_name",
 "operator": "=",
- "value": "so-bro"
+ "value": "so-zeek"
 }
 ]
 }
diff --git a/salt/common/grafana/grafana_dashboards/forward_nodes/sensor.json b/salt/common/grafana/grafana_dashboards/forward_nodes/sensor.json
index 83a1fc9e6..8e35246eb 100644
--- a/salt/common/grafana/grafana_dashboards/forward_nodes/sensor.json
+++ b/salt/common/grafana/grafana_dashboards/forward_nodes/sensor.json
@@ -1396,7 +1396,7 @@
 "condition": "AND",
 "key": "container_name",
 "operator": "=",
- "value": "so-bro"
+ "value": "so-zeek"
 }
 ]
 }
@@ -1901,7 +1901,7 @@
 "condition": "AND",
 "key": "container_name",
 "operator": "=",
- "value": "so-bro"
+ "value": "so-zeek"
 }
 ]
 }
diff --git a/salt/common/telegraf/scripts/broloss.sh b/salt/common/telegraf/scripts/broloss.sh
index a7bec4dc1..9fcf2d527 100644
--- a/salt/common/telegraf/scripts/broloss.sh
+++ b/salt/common/telegraf/scripts/broloss.sh
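Review bot: In the pillar/top.sls hunk, `- static` is moved from before `- brologs` to after the new `- logstash.helix` entry with nothing recording why; as far as I know the list order in a pillar top file is the merge order (later sources take precedence on conflicting keys), so the move changes which source wins if `static` and `logstash.helix` ever define the same `logstash` key, and a reader cannot tell from the file whether that is deliberate. A short comment beside the entries would settle it, e.g. `# static stays last so its keys override logstash.helix` if that is the intent, or a note that the reorder is incidental if it is not. The target line this list belongs to is above the hunk, so whether `logstash.helix` now reaches every minion or only a subset is not visible here.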
@@ -1,7 +1,7 @@
 #!/bin/bash
-BROLOG=$(tac /host/nsm/bro/logs/packetloss.log | head -2)
-declare RESULT=($BROLOG)
+ZEEKLOG=$(tac /host/nsm/zeek/logs/packetloss.log | head -2)
+declare RESULT=($ZEEKLOG)
 CURRENTDROP=${RESULT[3]}
 PASTDROP=${RESULT[9]}
 DROPPED=$(($CURRENTDROP - $PASTDROP))
diff --git a/setup/so-setup.sh b/setup/so-setup.sh
index 2313d7786..aab749357 100644
--- a/setup/so-setup.sh
+++ b/setup/so-setup.sh
@@ -197,7 +197,6 @@ if (whiptail_you_sure) ; then
 patch_pillar >> $SETUPLOG 2>&1
 echo "** Generating the FireEye pillar **" >> $SETUPLOG
 fireeye_pillar >> $SETUPLOG 2>&1
- sensor_pillar >> $SETUPLOG 2>&1
 echo -e "XXX\n24\nCopying Minion Pillars to Master... \nXXX"
 copy_minion_tmp_files >> $SETUPLOG 2>&1
 # Do a checkin to push the key up
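Review bot: The renamed path on the `ZEEKLOG=` line is read with no check that `/host/nsm/zeek/logs/packetloss.log` exists or holds two lines; on a host where the new directory is not yet populated, `RESULT` is empty, `${RESULT[3]}` and `${RESULT[9]}` expand to nothing, and the `DROPPED=$(($CURRENTDROP - $PASTDROP))` context line aborts with an arithmetic syntax error rather than a clean status. I would add `[[ -r /host/nsm/zeek/logs/packetloss.log ]] || exit 1` before the `ZEEKLOG=` line and `[[ -n "$CURRENTDROP" && -n "$PASTDROP" ]] || exit 1` before the `DROPPED=` line, the second covering a log shorter than two lines. The `declare RESULT=($ZEEKLOG)` line builds the array by deliberate unquoted word-splitting, which deserves a one-line comment such as `# word-split the two newest log lines into fields; indices 3 and 9 are presumably the drop counters` and reads more clearly as `declare -a`. The rest of the script continues past the hunk.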