diff --git a/resources/elk6/pipeline/1000_nessus_process_file.conf b/resources/elk6/pipeline/1000_nessus_process_file.conf
index 1462ee3..2be2e03 100644
--- a/resources/elk6/pipeline/1000_nessus_process_file.conf
+++ b/resources/elk6/pipeline/1000_nessus_process_file.conf
@@ -30,7 +30,7 @@ filter {
 date {
 match => [ "_timestamp", "UNIX" ]
 target => "@timestamp"
- remove_field => ["timestamp"]
+ remove_field => ["_timestamp"]
 }
 #If using filebeats as your source, you will need to replace the "path" field to "source"
diff --git a/resources/elk6/pipeline/2000_qualys_web_scans.conf b/resources/elk6/pipeline/2000_qualys_web_scans.conf
index 0ee2522..329257f 100644
--- a/resources/elk6/pipeline/2000_qualys_web_scans.conf
+++ b/resources/elk6/pipeline/2000_qualys_web_scans.conf
@@ -22,7 +22,7 @@ filter {
 date {
 match => [ "_timestamp", "UNIX" ]
 target => "@timestamp"
- remove_field => ["timestamp"]
+ remove_field => ["_timestamp"]
 }
 grok {
diff --git a/resources/elk6/pipeline/3000_openvas.conf b/resources/elk6/pipeline/3000_openvas.conf
index cb1a00c..0bf12c1 100644
--- a/resources/elk6/pipeline/3000_openvas.conf
+++ b/resources/elk6/pipeline/3000_openvas.conf
@@ -23,7 +23,7 @@ filter {
 date {
 match => [ "_timestamp", "UNIX" ]
 target => "@timestamp"
- remove_field => ["timestamp"]
+ remove_field => ["_timestamp"]
 }
 grok {
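Review bot: The corrected `remove_field => ["_timestamp"]` in the `date` block only runs when the match succeeds, so the failure path is still unhandled. An event whose `_timestamp` is not a valid UNIX epoch keeps the raw field, is tagged `_dateparsefailure` by the filter's default, and presumably carries an ingestion-time `@timestamp` instead of the scan time. For scanner findings that silently misdates the result, which matters if the index is used to reason about exposure windows or remediation age. I would add a comment above the block, `# remove_field applies only on a successful match; failed events keep _timestamp and are tagged _dateparsefailure`, and consider a conditional after the block that flags or routes those events. The same applies to the identical hunks in 2000_qualys_web_scans.conf and 3000_openvas.conf; the enclosing `filter {` starts outside each hunk.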