diff --git a/diagnostics/opensearch/logstash/logstash.conf b/diagnostics/opensearch/logstash/logstash.conf
index 5ecb152..c37cc98 100644
--- a/diagnostics/opensearch/logstash/logstash.conf
+++ b/diagnostics/opensearch/logstash/logstash.conf
@@ -16,7 +16,7 @@ filter {
 date {
 match => ["[records][time]", "MM/dd/yyyy HH:mm:ss"]
- target => "@timestamp"
+ target => "creation_time"
 }
 mutate {
@@ -24,7 +24,12 @@ filter {
 }
 mutate {
- remove_field => ["event.original"]
+ remove_field => ["[event][original]"]
+ }
+
+ json {
+ source => ["[records][properties]"]
+ remove_field => ["[records][properties]"]
 }
 }
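Review bot: The `date` block in the first hunk parses `[records][time]` with the pattern `MM/dd/yyyy HH:mm:ss`, which carries no zone, and no `timezone` option is set, so `creation_time` is interpreted in the Logstash host's local zone. Since this change leaves `@timestamp` at ingest time, `creation_time` becomes the only event-time field for timeline work, and a host-dependent offset would skew correlation with other sources. If the producer writes UTC (not visible here), add `timezone => "UTC"` next to `target`, together with a comment such as `# @timestamp stays ingest time; record time is in creation_time`. The enclosing `filter` block starts outside the hunk.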
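Review bot: The new `json` filter in the second hunk sets no `target`, so the keys parsed out of `[records][properties]` are written at the root of the event, where a payload key named like an existing field (`@timestamp`, `creation_time`, `records`) can replace it. Because the properties string comes from the ingested record, keeping it under its own field stops record content from rewriting event metadata: use `target => "[records][properties]"` in place of the `remove_field` line, which overwrites the raw string with the parsed object. `source` is a single field reference, so `source => "[records][properties]"` is the conventional form rather than a one-element array. Events that fail to parse keep the raw string and are tagged `_jsonparsefailure`, which is worth a short comment. The `filter` block starts outside the hunk.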