diff --git a/elkserver/logstash/conf.d/30-redir-apache.conf b/elkserver/logstash/conf.d/30-redir-apache.conf
index 174fc2ea..68a5884b 100644
--- a/elkserver/logstash/conf.d/30-redir-apache.conf
+++ b/elkserver/logstash/conf.d/30-redir-apache.conf
@@ -16,7 +16,7 @@ filter {
 # Let's first trim the syslog-like info from the log line
 grok {
- match => { "message" => [ "\[%{HTTPDATE:redirtraffic.timestamp}\] (%{SYSLOGHOST:sysloghostname}|) %{PROG:syslogprogram}(?:\[%{POSINT:syslogpid}\]): %{GREEDYDATA:messagenosyslog}" ] }
+ match => { "message" => [ "\[%{HTTPDATE:redirtraffic.timestamp}\] (%{SYSLOGHOST:sysloghostname}|-) %{PROG:syslogprogram}(?:\[%{POSINT:syslogpid}\]): %{GREEDYDATA:messagenosyslog}" ] }
 }
 # now matching the real Apache log lines. We have several log line formats we need to match:
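Review bot: The new alternation `(%{SYSLOGHOST:sysloghostname}|-)` on the changed `match` line drops the empty alternative, so a line with an empty hostname field, which the old pattern accepted, now fails this grok. That line would presumably be tagged `_grokparsefailure` and never get `messagenosyslog` set, so traffic from any redirector still logging in the old format would drop out of the parsed redirtraffic data without an obvious error. Accepting both forms is a one-line change: `(?:%{SYSLOGHOST:sysloghostname}|-|)`. A comment above the `grok` block would record the intent, e.g. `# hostname field is a real host, "-" or empty depending on the redirector's log format`. The enclosing `filter` block starts and ends outside the hunk, so any later handling of parse failures is not visible here.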