diff --git a/salt/logstash/files/dynamic/0006_input_beats.conf b/salt/logstash/files/dynamic/0006_input_beats.conf index 3d0306dd4..c7cab30b7 100644 --- a/salt/logstash/files/dynamic/0006_input_beats.conf +++ b/salt/logstash/files/dynamic/0006_input_beats.conf @@ -25,5 +25,16 @@ filter { add_field => { "syslog-host_from" => "%{[beat][name]}" } remove_field => [ "beat", "prospector", "input", "offset" ] } + + if [type] == "osquery" { + mutate { + remove_tag => ["beat"] + add_tag => ["osquery"] + } + json { + source => "message" + target => "osquery" + } + } }
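Review bot: In the new `if [type] == "osquery"` branch the `mutate` runs before the `json` filter, so an event whose `message` is not valid JSON is still tagged `osquery` and loses its `beat` tag even though no `osquery` object was created. Since `add_tag` on a filter is applied only when that filter succeeds, the tagging could move into the parser, e.g. `json { source => "message" target => "osquery" add_tag => ["osquery"] }`, leaving failed events identifiable by the default `_jsonparsefailure` tag. Keeping `target => "osquery"` is worth a short comment such as `# namespace endpoint-supplied keys so they cannot overwrite top-level fields`. If `[type]` is populated from the shipper's own configuration (not visible in this hunk), any host allowed to reach the beats input can select this branch, so downstream routing should not treat the tag as proof of origin. The enclosing `filter` block begins outside the hunk.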