diff --git a/ansible/install/roles/rsyslog-templates/templates/02-templates.conf.j2 b/ansible/install/roles/rsyslog-templates/templates/02-templates.conf.j2
index 564a933bd..53c1b108a 100644
--- a/ansible/install/roles/rsyslog-templates/templates/02-templates.conf.j2
+++ b/ansible/install/roles/rsyslog-templates/templates/02-templates.conf.j2
@@ -27,8 +27,6 @@ template(name="logstash-index-pattern" type="list") {
 property(name="timereported" dateFormat="rfc3339" position.from="6" position.to="7")
 constant(value=".")
 property(name="timereported" dateFormat="rfc3339" position.from="9" position.to="10")
- constant(value=".")
- property(name="timereported" dateFormat="rfc3339" position.from="12" position.to="13")
 }
 # this is for formatting our syslog data in JSON with @timestamp using a "hierarchical" metdata namespace
 template(name="com-redhat-rsyslog-hier"
diff --git a/elastic/templates/browbeat-logstash-.json b/elastic/templates/browbeat-logstash-.json
index 09de9a746..0c9a2956c 100644
--- a/elastic/templates/browbeat-logstash-.json
+++ b/elastic/templates/browbeat-logstash-.json
@@ -1,34 +1,57 @@
 {
- template: "browbeat-logstash-*",
- mappings: {
- result: {
- properties: {
- action: {
- index: "not_analyzed",
- type: "string"
- },
- browbeat_cloud_name: {
- index: "not_analyzed",
- type: "string"
- },
- message: {
- properties: {
- openstack-general-system-performance: {
- index: "not_analyzed",
- type: "string"
+ "template": "logstash-*",
+ "settings": {
+ "index": {
+ "number_of_shards": "5",
+ "number_of_replicas": "0",
+ "mapping": {
+ "total_fields": {
+ "limit": "5000"
+ }
+ }
+ }
+ },
+ "mappings": {
+ "result": {
+ "properties": {
+ "CEE": {
+ "properties": {
+ "failed": {
+ "index": "not_analyzed",
+ "type": "string"
+ },
+ "suspended": {
+ "index": "not_analyzed",
+ "type": "string"
 }
 }
 },
- level: {
- type: "string"
+ "action": {
+ "index": "not_analyzed",
+ "type": "string"
 },
- hostname: {
- index: "not_analyzed",
- type: "string"
+ "browbeat_cloud_name": {
+ "index": "not_analyzed",
+ "type": "string"
 },
- timestamp: {
- type: "date",
- format: "strict_date_optional_time||epoch_millis"
+ "message": {
+ "properties": {
+ "openstack-general-system-performance": {
+ "index": "not_analyzed",
+ "type": "string"
+ }
+ }
+ },
+ "level": {
+ "type": "string"
+ },
+ "hostname": {
+ "index": "not_analyzed",
+ "type": "string"
+ },
+ "timestamp": {
+ "type": "date",
+ "format": "strict_date_optional_time||epoch_millis"
 }
 }
 }
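Review bot: The new `"template": "logstash-*"` pattern carries no `"order"` key, so this template now applies to every `logstash-*` index on the cluster rather than only Browbeat's, and its merge with any other template for the same pattern (Logstash's elasticsearch output installs one by default) is not deterministic. Adding `"order": 1` next to the pattern, or keeping a Browbeat-specific prefix, would make the result predictable. The same widening spreads two relaxed safeguards to all of those indices. `"number_of_replicas": "0"` means a single node failure loses the collected syslog data. `"limit": "5000"` raises the cap on mapped fields while dynamic mapping stays on, so field names taken from host log content have far more room to grow the mapping; both choices deserve a sentence in the commit description, since the JSON file cannot carry a comment.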