diff --git a/conf.d/12-suricata.conf b/conf.d/12-suricata.conf
index e7ee1416913b727aed0b8899d6273cc19cde1747..1e6ea3761b6116dbcdeebb5a46416cecc9a17358 100644
--- a/conf.d/12-suricata.conf
+++ b/conf.d/12-suricata.conf
@@ -6,13 +6,13 @@ filter {
 }
 if [message] =~ /^{.*}$/ {
 json {
- source => "message"
+ source => "syslog_message"
 target => "[suricata][eve]"
 }
 } else {
 grok {
 patterns_dir => ["/etc/logstash/conf.d/patterns"]
- match => [ "message", "%{SURICATA}"]
+ match => [ "syslog_message", "%{SURICATA}"]
 }
 }
 if [suricata][eve][src_ip] and ![source][ip] {
@@ -92,7 +92,6 @@ filter {
 mutate {
 add_field => { "[event][module]" => "suricata"}
 add_field => { "[event][dataset]" => "suricata"}
- rename => { "[message]" => "[event][original]"}
 }
 }
 }
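Review bot: The branch condition `if [message] =~ /^{.*}$/ {` in the first hunk still inspects `[message]`, while both the `json` and `grok` filters beneath it now consume `[syslog_message]`; if `message` is the full syslog line and `syslog_message` the extracted payload (the upstream stage that populates it is outside this file), an EVE JSON record will fail the `^{.*}$` test against the header-prefixed `message` and be sent to the grok branch, which then tags it `_grokparsefailure` instead of parsing it. The test should be made against the same field the parsers read: `if [syslog_message] =~ /^{.*}$/ {`. Separately, the second hunk drops the only place this file copied the raw line into `[event][original]`; that is fine if a shared earlier stage now preserves it, but losing the unparsed original for a security log is a forensic regression worth confirming, e.g. with a comment `# event.original is set by the syslog input stage, not here`. The enclosing `filter {` block begins before the first hunk and its closing braces are in the second.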