diff --git a/config/syslog-ng.conf b/config/syslog-ng.conf
index ed1f4cb..71b752a 100644
--- a/config/syslog-ng.conf
+++ b/config/syslog-ng.conf
@@ -19,6 +19,8 @@ filter f_unifi_mcad { message("mcad"); };
 filter f_unifi_hostapd { message("hostapd"); };
 filter f_unifi_wlan { message("wlan:"); };
+parser p_kv { kv-parser(prefix("kv.")); };
+
 destination d_local {
 file("/var/log/messages");
 file("/var/log/messages-kv.log" template("$ISODATE $HOST $(format-welf --scope all-nv-pairs)\n") frac-digits(3));
@@ -35,15 +37,7 @@ destination d_unifi_firewall {
 url("http://pi501.in.thelinuxpro.net:9200/_bulk")
 template("$(format-json --scope rfc5424 --scope dot-nv-pairs --rekey .* --shift 1 --scope nv-pairs
- --exclude DATE @timestamp=${ISODATE}
- DESCRIPTION=$(DESC)
- INTERFACE_IN=$(IN)
- INTERFACE_OUT=$(OUT)
- IP_SOURCE=$(SRC)
- IP_DESTINATION=$(DST)
- PROTOCOL=$(PROTO)
- PORT_SOURCE=$(SPT)
- PORT_DESTINATION=$(DPT))")
+ --exclude DATE @timestamp=${ISODATE})")
 persist-name("d_unifi_firewall")
 );
 };
@@ -149,6 +143,7 @@ destination d_syslog_ng_es {
 log {
 source(s_network_udp);
 filter(f_unifi_fw_lan);
+ parser(p_kv);
 destination(d_unifi_firewall);
 flags(final);
 };
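Review bot: `p_kv` in the first hunk (added after the `f_unifi_*` filters) has no comment saying which messages it is meant for or why the prefix is set. A line such as `# p_kv: split KEY=VALUE pairs from firewall lines into kv.* name-value pairs; the prefix keeps sender-supplied names in their own namespace` would record the intent. That matters because the parser takes its key names from the message text, so the prefix is what keeps them from mixing with the name-value pairs syslog-ng and other parsers set.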
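Review bot: Dropping the explicit pairs from the `d_unifi_firewall` template (second hunk) changes the field names Elasticsearch receives: instead of `IP_SOURCE`, `PORT_DESTINATION` and the rest, the document now carries whatever `kv.*` names the parser produced, picked up through `--scope nv-pairs`. If saved searches, alert rules or index mappings are keyed on the old names they will stop matching without any error, so either update them together with this change or keep stable names by mapping from the parsed values, e.g. `IP_SOURCE=${kv.SRC}` and `PORT_DESTINATION=${kv.DPT}`. The destination block starts above the hunk, so its other options are not visible; the `url("http://...")` shown as context is plain HTTP, and it is worth confirming separately that the link to port 9200 stays on a trusted segment or is moved to TLS with credentials.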
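Review bot: `parser(p_kv);` in the third hunk runs on everything from `s_network_udp` that passes `f_unifi_fw_lan`, and both the key names and the values it stores come straight from the message text. If that source is a plain UDP listener, as its name suggests, senders are not authenticated, so the set of `kv.*` fields reaching Elasticsearch is open-ended (mapping growth) and values such as `kv.SRC` are only as trustworthy as whoever sent the datagram. Consider forwarding only the keys the index needs, with explicit `--key kv.SRC`-style entries in the template rather than the broad `--scope nv-pairs`. Also check that `f_unifi_fw_lan`, which is defined outside this diff, constrains the sending host and not just the message text.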