diff --git a/logstash/conf.d/20-dns-syslog.conf b/logstash/conf.d/20-dns-syslog.conf
index f1848ad6f1e7a5b2c32469ddf03a71085cce4355..55a6d5c590ed89cef0994de9c8d9119eb2427361 100644
--- a/logstash/conf.d/20-dns-syslog.conf
+++ b/logstash/conf.d/20-dns-syslog.conf
@@ -6,11 +6,7 @@ input {
        }
 }
 
-filter {
-  
-  date {
-    match => [ "date", "MMM d HH:mm:ss" ]
-  }
+filter {  
 
   if "pihole" in [tags]{
     grok {
@@ -152,7 +148,9 @@ filter {
       failed_cache_size => 512
       failed_cache_ttl => 900
     }
-
+  date {
+    match => [ "date", "MMM d HH:mm:ss" ]
+  }
 
   }
 }