diff --git a/salt/logstash/files/dynamic/9997_output_helix.conf b/salt/logstash/files/dynamic/9997_output_helix.conf index 8c01eab65..14cca8352 100644 --- a/salt/logstash/files/dynamic/9997_output_helix.conf +++ b/salt/logstash/files/dynamic/9997_output_helix.conf @@ -15,10 +15,6 @@ filter { ] } - grok { - match => [ "syslog-tags", "^.source.s_%{DATA:class}$" ] - } - geoip { source => "[source_ip]" target => "source_geo" @@ -30,10 +26,10 @@ filter { mutate { #rename => { "%{[source_geo][country_code]}" => "srccountrycode" } #rename => { "%{[destination_geo][country_code]}" => "dstcountrycode" } - rename => { "syslog-host_from" => "sensor" } + rename => { "[beat_host][name]" => "sensor" } rename => { "message" => "rawmsg" } #rename => { "event_type" => "program" } - #copy => { "program" => "class" } + copy => { "type" => "class" } rename => { "source_port" => "srcport" } rename => { "destination_port" => "dstport" } remove_field => ["source_ip", "destination_ip"] diff --git a/setup/functions.sh b/setup/functions.sh index 910be0437..87d8bdce4 100644 --- a/setup/functions.sh +++ b/setup/functions.sh @@ -1101,8 +1101,11 @@ salt_install_mysql_deps() { } sensor_pillar() { - - SENSORPILLARPATH=$TMP/pillar/sensors + if [ $INSTALLTYPE == 'HELIXSENSOR' ]; then + SENSORPILLARPATH=/opt/so/saltstack + else + SENSORPILLARPATH=$TMP/pillar/sensors + fi if [ ! -d $SENSORPILLARPATH ]; then mkdir -p $SENSORPILLARPATH fi
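Review bot: The new `rename => { "[beat_host][name]" => "sensor" }` does nothing when an event has no `[beat_host][name]`, so such events would reach the Helix output with no `sensor` field. Where the field is present, it is a host name reported by the shipper. If Helix-side detections or triage key on `sensor`, consider a fallback for the missing case, or at least a comment above the rename such as `# sensor = shipper-reported Beats host name; absent for events that did not arrive via Beats`. Also, mutate applies its operations in a fixed internal order, not the order written, so `copy => { "type" => "class" }` runs after the renames; that is harmless here because `type` is not renamed. The mutate block continues past the end of the hunk.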
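Review bot: In the added test `[ $INSTALLTYPE == 'HELIXSENSOR' ]` the variable is unquoted, so an empty or unset `INSTALLTYPE` makes `[` fail with a syntax error and the function falls through to the `$TMP` branch; `==` inside `[` is also a bash extension. Suggest `if [ "$INSTALLTYPE" = 'HELIXSENSOR' ]; then`, and quoting `"$SENSORPILLARPATH"` in the `-d` test and `mkdir -p` that follow. Separately, the Helix branch points `SENSORPILLARPATH` at `/opt/so/saltstack` itself, whereas the other branch uses a `pillar/sensors` subdirectory. If that is intentional, a one-line comment saying why would help; otherwise the sensor pillar may land outside the directory Salt reads pillars from. That last point is an inference, since the rest of `sensor_pillar` is outside the hunk.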