diff --git a/salt/soc/merged.map.jinja b/salt/soc/merged.map.jinja
index c0ea836e5..65091158e 100644
--- a/salt/soc/merged.map.jinja
+++ b/salt/soc/merged.map.jinja
@@ -67,13 +67,13 @@
 {%   do SOCMERGED.config.server.client.cases.update({'actions': standard_actions}) %}
 
 {# replace the _x_ with . for soc ui to config conversion #}
-{% do SOCMERGED.config.eventFields.update({':endpoint:endpoint.events.api': SOCMERGED.config.eventFields.pop(':endpoint:endpoint_x_events_x_api') }) %}
-{% do SOCMERGED.config.eventFields.update({':endpoint:endpoint.events.file': SOCMERGED.config.eventFields.pop(':endpoint:endpoint_x_events_x_file') }) %}
-{% do SOCMERGED.config.eventFields.update({':endpoint:endpoint.events.library': SOCMERGED.config.eventFields.pop(':endpoint:endpoint_x_events_x_library') }) %}
-{% do SOCMERGED.config.eventFields.update({':endpoint:endpoint.events.network': SOCMERGED.config.eventFields.pop(':endpoint:endpoint_x_events_x_network') }) %}
-{% do SOCMERGED.config.eventFields.update({':endpoint:endpoint.events.process': SOCMERGED.config.eventFields.pop(':endpoint:endpoint_x_events_x_process') }) %}
-{% do SOCMERGED.config.eventFields.update({':endpoint:endpoint.events.registry': SOCMERGED.config.eventFields.pop(':endpoint:endpoint_x_events_x_registry') }) %}
-{% do SOCMERGED.config.eventFields.update({':endpoint:endpoint.events.security': SOCMERGED.config.eventFields.pop(':endpoint:endpoint_x_events_x_security') }) %}
+{% do SOCMERGED.config.eventFields.update({':endpoint:events.api': SOCMERGED.config.eventFields.pop(':endpoint:events_x_api') }) %}
+{% do SOCMERGED.config.eventFields.update({':endpoint:events.file': SOCMERGED.config.eventFields.pop(':endpoint:events_x_file') }) %}
+{% do SOCMERGED.config.eventFields.update({':endpoint:events.library': SOCMERGED.config.eventFields.pop(':endpoint:events_x_library') }) %}
+{% do SOCMERGED.config.eventFields.update({':endpoint:events.network': SOCMERGED.config.eventFields.pop(':endpoint:events_x_network') }) %}
+{% do SOCMERGED.config.eventFields.update({':endpoint:events.process': SOCMERGED.config.eventFields.pop(':endpoint:events_x_process') }) %}
+{% do SOCMERGED.config.eventFields.update({':endpoint:events.registry': SOCMERGED.config.eventFields.pop(':endpoint:events_x_registry') }) %}
+{% do SOCMERGED.config.eventFields.update({':endpoint:events.security': SOCMERGED.config.eventFields.pop(':endpoint:events_x_security') }) %}
 {% set standard_eventFields = SOCMERGED.config.pop('eventFields') %}
 {%   do SOCMERGED.config.server.client.hunt.update({'eventFields': standard_eventFields}) %}
 {%   do SOCMERGED.config.server.client.dashboards.update({'eventFields': standard_eventFields}) %}