diff --git a/wazuh/Dockerfile b/wazuh/Dockerfile
index 471746f0..b3cfdaab 100644
--- a/wazuh/Dockerfile
+++ b/wazuh/Dockerfile
@@ -4,13 +4,12 @@ FROM waystonesystems/baseimage-centos:0.2.0
 # Arguments
 ARG FILEBEAT_VERSION=7.10.2
 ARG WAZUH_VERSION=4.1.5-1
-
+ARG FILEBEAT_CHANNEL=filebeat-oss
 # Environment variables
 ENV API_USER="foo" \
 API_PASS="bar"
 ARG TEMPLATE_VERSION="4.0"
-ENV FILEBEAT_DESTINATION="elasticsearch"
 RUN rpm --import https://packages.wazuh.com/key/GPG-KEY-WAZUH
@@ -42,8 +41,8 @@ RUN set -x && \
 rm -f /var/ossec/logs/api/*/*/* && \
 rm -f /var/ossec/logs/cluster/*/*/* && \
 rm -f /var/ossec/logs/ossec/*/*/* && \
- curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-${FILEBEAT_VERSION}-x86_64.rpm && \
- rpm -vi filebeat-${FILEBEAT_VERSION}-x86_64.rpm && rm -f filebeat-${FILEBEAT_VERSION}-x86_64.rpm && \
+ curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-x86_64.rpm && \
+ rpm -i ${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-x86_64.rpm && rm -f ${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-x86_64.rpm && \
 sed -i "s/^enabled=1/enabled=0/" /etc/yum.repos.d/wazuh.repo
 # Services
@@ -60,8 +59,7 @@ RUN chmod +x /etc/service/wazuh/run && \
 chmod +x /etc/service/filebeat/run
 # Copy configuration files from repository
-COPY config/filebeat_to_elasticsearch.yml ./
-COPY config/filebeat_to_logstash.yml ./
+COPY config/filebeat.yml ./
 # Prepare permanent data
 # Sync calls are due to https://github.com/docker/docker/issues/9547
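Review bot: Removing `ENV FILEBEAT_DESTINATION` (and, through the scripts deleted further down, the `FILEBEAT_OUTPUT` and `ELASTICSEARCH_URL` overrides) silently changes the image's runtime interface, and nothing in the Dockerfile records it; a user who still sets those variables gets the fixed output host from `config/filebeat.yml` with no warning. A note next to the new build arg would prevent that surprise, e.g. `# FILEBEAT_DESTINATION / FILEBEAT_OUTPUT / ELASTICSEARCH_URL are no longer honoured; edit config/filebeat.yml instead`. `ARG FILEBEAT_CHANNEL=filebeat-oss` would also benefit from one line stating the accepted values (`filebeat-oss`, or `filebeat` as the removed download line used), since the value is spliced straight into the download URL in the next hunk.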
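Review bot: The Filebeat RPM is downloaded and installed with no integrity check: `rpm -i` only warns (NOKEY) when a package is signed with a key that is not in the rpm keyring, and the only key this Dockerfile imports is Wazuh's, so a wrong or tampered artefact for the `${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}` combination installs anyway. Fetch the `.sha512` sidecar Elastic publishes next to each artefact and fail the build on mismatch, i.e. add `curl -fsSL -O https://artifacts.elastic.co/downloads/beats/filebeat/${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-x86_64.rpm.sha512 && \` and `sha512sum -c ${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-x86_64.rpm.sha512 && \` between the download and `rpm -i` (importing Elastic's signing key and running `rpm -K` on the file is the alternative). `curl -L -O` without `-f` also saves an HTML error page under the `.rpm` name when the channel/version pair does not exist, so the download line itself should become `curl -fsSL -O ...`. The enclosing `RUN set -x && \` chain starts before this hunk.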
@@ -100,8 +98,7 @@ COPY config/entrypoint.sh /entrypoint.sh
 COPY --chown=root:ossec config/create_user.py /var/ossec/framework/scripts/create_user.py
 COPY config/00-decrypt_credentials.sh /entrypoint-scripts/00-decrypt_credentials.sh
 COPY config/01-wazuh.sh /entrypoint-scripts/01-wazuh.sh
-COPY config/02-set_filebeat_destination.sh /entrypoint-scripts/02-set_filebeat_destination.sh
-COPY config/03-config_filebeat.sh /entrypoint-scripts/03-config_filebeat.sh
+COPY config/02-set_config_filebeat.sh /entrypoint-scripts/02-set_config_filebeat.sh
 COPY config/20-ossec-configuration.sh /entrypoint-scripts/20-ossec-configuration.sh
 COPY config/25-backups.sh /entrypoint-scripts/25-backups.sh
 COPY config/35-remove_credentials_file.sh /entrypoint-scripts/35-remove_credentials_file.sh
@@ -109,8 +106,7 @@ COPY config/85-save_wazuh_version.sh /entrypoint-scripts/85-save_wazuh_version.s
 RUN chmod 755 /entrypoint.sh && \
 chmod 755 /entrypoint-scripts/00-decrypt_credentials.sh && \
 chmod 755 /entrypoint-scripts/01-wazuh.sh && \
- chmod 755 /entrypoint-scripts/02-set_filebeat_destination.sh && \
- chmod 755 /entrypoint-scripts/03-config_filebeat.sh && \
+ chmod 755 /entrypoint-scripts/02-set_config_filebeat.sh && \
 chmod 755 /entrypoint-scripts/20-ossec-configuration.sh && \
 chmod 755 /entrypoint-scripts/25-backups.sh && \
 chmod 755 /entrypoint-scripts/35-remove_credentials_file.sh && \
@@ -120,5 +116,8 @@ RUN chmod 755 /entrypoint.sh && \
 ADD https://raw.githubusercontent.com/wazuh/wazuh/$TEMPLATE_VERSION/extensions/elasticsearch/7.x/wazuh-template.json /etc/filebeat
 RUN chmod go-w /etc/filebeat/wazuh-template.json
+# Create filebeat directories
+RUN mkdir -p /usr/share/filebeat/module/
+RUN mkdir /usr/share/filebeat/config
 # Run all services
 ENTRYPOINT ["/entrypoint.sh"]
diff --git a/wazuh/config/02-set_config_filebeat.sh b/wazuh/config/02-set_config_filebeat.sh
new file mode 100644
index 00000000..c5208351
--- /dev/null
+++ b/wazuh/config/02-set_config_filebeat.sh
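Review bot: `RUN mkdir /usr/share/filebeat/config` lacks `-p`, so the build fails if the directory already exists (the Filebeat RPM installed earlier owns `/usr/share/filebeat`, which is presumably why the `module/` line above already uses `-p`), and two consecutive `RUN mkdir` instructions add an image layer for nothing. Collapse them into one idempotent line: `RUN mkdir -p /usr/share/filebeat/module /usr/share/filebeat/config`. Nothing else in this diff reads `/usr/share/filebeat/config`; the `# Create filebeat directories` comment should say what consumes it, or the directory should be dropped. `module/` is consumed by the `tar -xvz -C /usr/share/filebeat/module` in the new entrypoint script.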
@@ -0,0 +1,26 @@
+#!/bin/bash
+# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+
+set -e
+
+##############################################################################
+# Set Filebeat config.
+
+##############################################################################
+
+WAZUH_FILEBEAT_MODULE=wazuh-filebeat-0.1.tar.gz
+
+echo "FILEBEAT - Copy Filebeat config file"
+if ! [[ -L /etc/filebeat/filebeat.yml ]]; then
+ cp filebeat.yml /etc/filebeat/filebeat.yml
+ chmod go-w /etc/filebeat/filebeat.yml
+else
+ echo "Not needed. File already exist."
+fi
+echo "FILEBEAT - Set permissions"
+
+echo "FILEBEAT - Get Filebeat Wazuh module"
+
+>&2 echo "FILEBEAT - Install Wazuh Filebeat Module."
+curl -s "https://packages.wazuh.com/4.x/filebeat/${WAZUH_FILEBEAT_MODULE}" | tar -xvz -C /usr/share/filebeat/module
+chmod 755 -R /usr/share/filebeat/module/wazuh
diff --git a/wazuh/config/02-set_filebeat_destination.sh b/wazuh/config/02-set_filebeat_destination.sh
deleted file mode 100644
index 3ba11dfa..00000000
--- a/wazuh/config/02-set_filebeat_destination.sh
+++ /dev/null
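Review bot: `curl -s "https://packages.wazuh.com/4.x/filebeat/${WAZUH_FILEBEAT_MODULE}" | tar -xvz -C /usr/share/filebeat/module` runs on every container start with no failure handling: `-s` without `-f` pipes an HTTP error body into tar, and because the script sets only `set -e` (no `pipefail`) a failed download hides behind tar's exit status, so the container comes up with a missing or partial module and the archive's integrity is never checked. At minimum change it to `curl -sSf "https://packages.wazuh.com/4.x/filebeat/${WAZUH_FILEBEAT_MODULE}" | tar -xz -C /usr/share/filebeat/module` and add `set -o pipefail` after `set -e`; the better fix is to fetch the module once at image build time next to the Filebeat RPM and compare it against a checksum kept in the repository, which removes the runtime network dependency and pins what gets extracted. Separately, `if ! [[ -L /etc/filebeat/filebeat.yml ]]` contradicts its else-branch message: `-L` tests for a symlink, so an existing regular file is overwritten on every start while "Not needed. File already exist." implies it is kept — use `-e` if that is the intent, and add a comment stating which case is skipped. The bare `echo "FILEBEAT - Set permissions"` and `echo "FILEBEAT - Get Filebeat Wazuh module"` lines announce steps that do not happen at that point and should go.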
@@ -1,30 +0,0 @@
-#!/bin/bash
-# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
-
-##############################################################################
-# Set Filebeat destination.
-##############################################################################
-
-if [[ $FILEBEAT_DESTINATION == "elasticsearch" ]]; then
-
- echo "FILEBEAT - Set destination to Elasticsearch"
- cp filebeat_to_elasticsearch.yml /etc/filebeat/filebeat.yml
- if [[ $FILEBEAT_OUTPUT != "" ]]; then
- sed -i "s/elasticsearch:9200/$FILEBEAT_OUTPUT:9200/" /etc/filebeat/filebeat.yml
- fi
-
-elif [[ $FILEBEAT_DESTINATION == "logstash" ]]; then
-
- echo "FILEBEAT - Set destination to Logstash"
- cp filebeat_to_logstash.yml /etc/filebeat/filebeat.yml
- if [[ $FILEBEAT_OUTPUT != "" ]]; then
- sed -i "s/logstash:5000/$FILEBEAT_OUTPUT:5000/" /etc/filebeat/filebeat.yml
- fi
-
-else
- echo "FILEBEAT - Error choosing destination. Set default filebeat.yml "
-fi
-
-echo "FILEBEAT - Set permissions"
-
-chmod go-w /etc/filebeat/filebeat.yml
\ No newline at end of file
diff --git a/wazuh/config/03-config_filebeat.sh b/wazuh/config/03-config_filebeat.sh
deleted file mode 100644
index 9edc4b07..00000000
--- a/wazuh/config/03-config_filebeat.sh
+++ /dev/null
@@ -1,23 +0,0 @@
-#!/bin/bash
-# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
-
-set -e
-
-if [[ $FILEBEAT_DESTINATION == "elasticsearch" ]]; then
-
- WAZUH_FILEBEAT_MODULE=wazuh-filebeat-0.1.tar.gz
-
- # Modify the output to Elasticsearch if th ELASTICSEARCH_URL is set
- if [ "$ELASTICSEARCH_URL" != "" ]; then
- >&2 echo "FILEBEAT - Customize Elasticsearch ouput IP."
- sed -i 's|http://elasticsearch:9200|'$ELASTICSEARCH_URL'|g' /etc/filebeat/filebeat.yml
- fi
-
- # Install Wazuh Filebeat Module
-
- >&2 echo "FILEBEAT - Install Wazuh Filebeat Module."
- curl -s "https://packages.wazuh.com/3.x/filebeat/${WAZUH_FILEBEAT_MODULE}" | tar -xvz -C /usr/share/filebeat/module
- mkdir -p /usr/share/filebeat/module/wazuh
- chmod 755 -R /usr/share/filebeat/module/wazuh
-
-fi
\ No newline at end of file
diff --git a/wazuh/config/filebeat.yml b/wazuh/config/filebeat.yml
new file mode 100644
index 00000000..ad9666e4
--- /dev/null
+++ b/wazuh/config/filebeat.yml
@@ -0,0 +1,19 @@
+# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+
+# Wazuh - Filebeat configuration file
+filebeat.inputs:
+ - type: log
+ paths:
+ - '/var/ossec/logs/alerts/alerts.json'
+
+setup.template.json.enabled: true
+setup.template.json.path: "/etc/filebeat/wazuh-template.json"
+setup.template.json.name: "wazuh"
+setup.template.overwrite: true
+
+
+output.elasticsearch:
+ hosts: ['http://odfe:9200']
+ #pipeline: geoip
+ indices:
+ - index: 'wazuh-alerts-4.x-%{+yyyy.MM.dd}'
diff --git a/wazuh/config/filebeat_to_elasticsearch.yml b/wazuh/config/filebeat_to_elasticsearch.yml
deleted file mode 100644
index 3b7819b7..00000000
--- a/wazuh/config/filebeat_to_elasticsearch.yml
+++ /dev/null
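Review bot: `hosts: ['http://odfe:9200']` sends Wazuh alerts over plain HTTP with no `username`/`password` or `ssl` settings, and because the deleted scripts took the `FILEBEAT_OUTPUT`/`ELASTICSEARCH_URL` overrides with them, the endpoint and transport are now baked into the image with no runtime override. If `odfe` is an Open Distro node with its security plugin enabled this output will also fail to connect, since that expects HTTPS plus credentials; at least state the assumption in a comment above `output.elasticsearch:` (e.g. `# Plain HTTP, unauthenticated: only valid for a cluster with the security plugin disabled`) and consider keeping the host overridable. The `processors` block of the removed `filebeat_to_elasticsearch.yml` (decode_json_fields, drop_fields and the `@src_ip` renames) is not carried over and no `filebeat.modules` entry enables the Wazuh module, so alerts may now be indexed as an undecoded `message` string; presumably the module fetched by 02-set_config_filebeat.sh is meant to take over that job, but that should be confirmed before merging.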
@@ -1,55 +0,0 @@
-# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
-
-# Wazuh - Filebeat configuration file
-filebeat.inputs:
- - type: log
- paths:
- - '/var/ossec/logs/alerts/alerts.json'
-
-setup.template.json.enabled: true
-setup.template.json.path: "/etc/filebeat/wazuh-template.json"
-setup.template.json.name: "wazuh"
-setup.template.overwrite: true
-
-processors:
- - decode_json_fields:
- fields: ['message']
- process_array: true
- max_depth: 200
- target: ''
- overwrite_keys: true
- - drop_fields:
- fields: ['message', 'ecs', 'beat', 'input_type', 'tags', 'count', '@version', 'log', 'offset', 'type', 'host']
- - rename:
- fields:
- - from: "data.aws.sourceIPAddress"
- to: "@src_ip"
- ignore_missing: true
- fail_on_error: false
- when:
- regexp:
- data.aws.sourceIPAddress: \b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b
- - rename:
- fields:
- - from: "data.srcip"
- to: "@src_ip"
- ignore_missing: true
- fail_on_error: false
- when:
- regexp:
- data.srcip: \b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b
- - rename:
- fields:
- - from: "data.win.eventdata.ipAddress"
- to: "@src_ip"
- ignore_missing: true
- fail_on_error: false
- when:
- regexp:
- data.win.eventdata.ipAddress: \b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b
-
-output.elasticsearch:
- hosts: ['http://elasticsearch:9200']
- #pipeline: geoip
- indices:
- - index: 'wazuh-alerts-4.x-%{+yyyy.MM.dd}'
\ No newline at end of file
diff --git a/wazuh/config/filebeat_to_logstash.yml b/wazuh/config/filebeat_to_logstash.yml
deleted file mode 100644
index 0e4dd97c..00000000
--- a/wazuh/config/filebeat_to_logstash.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
-
-# Wazuh - Filebeat configuration file
-filebeat:
- inputs:
- - type: log
- paths:
- - "/var/ossec/logs/alerts/alerts.json"
- # - type: log
- # paths:
- # - "/var/ossec/logs/archives/archives.json"
- # fields:
- # wazuh_log_file: "archives"
-
-output:
- logstash:
- # The Logstash hosts
- hosts: ["logstash:5000"]
-# ssl:
-# certificate_authorities: ["/etc/filebeat/logstash.crt"]