diff --git a/salt/elasticsearch/files/ingest/suricata.common b/salt/elasticsearch/files/ingest/suricata.common
index 7b2dc7eeb..887d10f86 100644
--- a/salt/elasticsearch/files/ingest/suricata.common
+++ b/salt/elasticsearch/files/ingest/suricata.common
@@ -22,6 +22,12 @@
 "ignore_failure": true
 }
 },
+ {
+ "lowercase": {
+ "field": "network.transport",
+ "ignore_failure": true
+ }
+ },
 {
 "rename": {
 "field": "message2.in_iface",
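Review bot: The added `lowercase` processor on `network.transport` relies on the blanket `"ignore_failure": true`, which hides a non-string or malformed value as quietly as an absent field. `"ignore_missing": true` would cover events that carry no transport while leaving real failures visible. Dropping `ignore_failure` is only safe if the pipeline has an `on_failure` handler, which this hunk does not show, because otherwise a bad value would reject the event. The processor also does nothing unless `network.transport` is already populated at this point, presumably by the processor that ends just above the hunk, so that ordering is worth confirming. Documents indexed before this change keep their original case, so saved searches, dashboards and detection rules that match on the transport value need to accept both forms until the older indices age out.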