diff --git a/elk_metrics_6x/installLogstash.yml b/elk_metrics_6x/installLogstash.yml
index 07aba9d7..43bf0c1f 100644
--- a/elk_metrics_6x/installLogstash.yml
+++ b/elk_metrics_6x/installLogstash.yml
@@ -73,8 +73,8 @@
 - name: Drop Logstash conf for beats output
 template:
- src: templates/30-elasticsearch-output.conf.j2
- dest: /etc/logstash/conf.d/30-elasticsearch-output.conf
+ src: templates/99-elasticsearch-output.conf.j2
+ dest: /etc/logstash/conf.d/99-elasticsearch-output.conf
 - name: Drop elasticsearch conf file
 template:
@@ -86,6 +86,15 @@
 tags:
 - config
+ - name: Create patterns directory
+ file:
+ name: "/opt/logstash/patterns"
+ owner: "logstash"
+ group: "logstash"
+ state: directory
+ tags:
+ - logstash-patterns
+
 - name: Logstash Extra Patterns
 template:
 src: "{{ item }}"
diff --git a/elk_metrics_6x/templates/extras b/elk_metrics_6x/templates/extras
new file mode 100644
index 00000000..8d9454de
--- /dev/null
+++ b/elk_metrics_6x/templates/extras
@@ -0,0 +1,10 @@
+APACHE_ERROR_TIMESTAMP %{DAY} %{MONTH} %{MONTHDAY} %{TIME} %{YEAR}
+NGINX_ERROR_TIMESTAMP %{YEAR}/%{MONTHNUM}/%{MONTHDAY} %{TIME}
+NGINX_TIMESTAMP %{YEAR}/%{MONTHNUM}/%{MONTHDAY}:%{TIME}
+
+SWIFTPROXY_DATE %{MONTHDAY}/%{MONTH}/%{YEAR}/%{HOUR}/%{MINUTE}/%{SECOND}
+
+SWIFTPROXY_ACCESS %{DATA:clientip} %{DATA:serverip} %{SWIFTPROXY_DATE:timestamp} %{WORD:verb} %{NOTSPACE:request} HTTP/%{NUMBER:httpversion} %{NUMBER:response} %{DATA:referrer} %{DATA:agent} %{DATA:swift_auth_token} %{DATA:swift_request_bytes} %{DATA:swift_response_bytes} %{DATA:swift_etag} %{DATA:swift_txn} %{DATA:swift_logged_headers} %{BASE10NUM:swift_trans_time}
+
+KEYSTONE_SUBSECOND_TIMESTAMP %{YEAR}-%{MONTHNUM}-%{MONTHDAY} %{TIME}
+STANDARD_TIMESTAMP %{YEAR}-%{MONTHNUM}-%{MONTHDAY} %{TIME}
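Review bot: In the `@@ -73,8 +73,8 @@` hunk the task now writes `99-elasticsearch-output.conf`, but nothing visible removes the previously deployed `/etc/logstash/conf.d/30-elasticsearch-output.conf`. If Logstash loads every file in `conf.d` into one pipeline, as is usual, hosts that already ran the old playbook would keep both output files and send each event to Elasticsearch twice, which skews count-based alerting. A cleanup task ahead of this one would cover it: a `file:` task with `path: /etc/logstash/conf.d/30-elasticsearch-output.conf` and `state: absent`. The rest of the play lies outside the hunk, so an existing cleanup elsewhere cannot be ruled out.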
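Review bot: The added `Create patterns directory` task in the `@@ -86,6 +86,15 @@` hunk sets `owner` and `group` but no `mode`, so the permissions on `/opt/logstash/patterns` depend on the umask in effect on the target. Adding `mode: "0755"` (quoted, so the value is not read as an integer) makes the result deterministic. Logstash presumably only needs to read these grok patterns, so `owner: "root"` with `group: "logstash"` would keep the service account from rewriting the patterns that parse its own input. The following `Logstash Extra Patterns` task continues past the hunk, so the ownership of the files it drops is not visible here.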
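Review bot: `SWIFTPROXY_ACCESS` in the new `templates/extras` file uses ten `%{DATA:…}` captures separated only by single spaces. Because `DATA` is a lazy match that also accepts spaces, a line with an unexpected field layout can still match with values shifted into the wrong fields, and near-miss lines cost a lot of backtracking. For space-delimited fields, `%{NOTSPACE:clientip}` and the like would be stricter and cheaper. The pattern also captures `swift_auth_token` into the event; the filter that consumes it is not part of this diff, but if the field is not needed for analysis, removing it there keeps token material out of the index.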