diff --git a/logstash/01-logstash-input.conf b/logstash/01-logstash-input.conf
deleted file mode 100644
index 0ff0c3b..0000000
--- a/logstash/01-logstash-input.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-input {
- beats {
- port => 5044
- ssl => true
- ssl_certificate => "/etc/pki/tls/certs/logstash.crt"
- ssl_key => "/etc/pki/tls/private/logstash.key"
- }
-}
diff --git a/logstash/02-logstash-syslog-filter.conf b/logstash/01-logstash-simple.conf
similarity index 62%
rename from logstash/02-logstash-syslog-filter.conf
rename to logstash/01-logstash-simple.conf
index 5ec11db..37eee9c 100644
--- a/logstash/02-logstash-syslog-filter.conf
+++ b/logstash/01-logstash-simple.conf
@@ -1,3 +1,12 @@
+input {
+ beats {
+ port => 5044
+ ssl => true
+ ssl_certificate => "/etc/pki/tls/certs/logstash.crt"
+ ssl_key => "/etc/pki/tls/private/logstash.key"
+ }
+}
+
 filter {
 if [type] == "syslog" {
 grok {
@@ -14,3 +23,10 @@ filter {
 }
 }
+output {
+ elasticsearch {
+ hosts => "localhost:9200"
+ index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
+ }
+}
+
diff --git a/logstash/03-logstash-output.conf b/logstash/03-logstash-output.conf
deleted file mode 100644
index b415867..0000000
--- a/logstash/03-logstash-output.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-output {
- elasticsearch {
- hosts => "localhost:9200"
- index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
- }
-}
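Review bot: The `beats` input added at the top of 01-logstash-simple.conf enables TLS with a server certificate only, so the listener on port 5044 encrypts traffic but does not authenticate the shipper; any host that can reach the port can submit events. Since the block is being moved anyway, this is a good point to require client certificates by adding `ssl_certificate_authorities => ["<path to CA certificate>"]` and `ssl_verify_mode => "force_peer"` inside `beats { }`. The private key path is unchanged by the move; its file permissions are not visible here and are worth confirming as readable only by the logstash user.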
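Review bot: In the added `output` block the index name is built from `%{[@metadata][beat]}`, a field that is supplied by the sending Beat, so together with the unauthenticated input the sender effectively chooses which Elasticsearch index it writes to. An event that arrives without that field would presumably be indexed under the literal, unexpanded `%{[@metadata][beat]}-…` name. Wrapping the `elasticsearch` block in an allow-list conditional such as `if [@metadata][beat] in ["filebeat", "metricbeat"] { … }` (names are examples, use the Beats actually deployed) keeps unexpected senders from creating arbitrary indices. The output also sends no credentials to `localhost:9200`; that only holds up if Elasticsearch stays bound to loopback.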