diff --git a/elkserver/logstash/conf.d/20-redir-haproxy.conf b/elkserver/logstash/conf.d/20-redir-haproxy.conf
index 6ff8b218..584f34bd 100644
--- a/elkserver/logstash/conf.d/20-redir-haproxy.conf
+++ b/elkserver/logstash/conf.d/20-redir-haproxy.conf
@@ -46,7 +46,7 @@ filter {
 
     # Let's first trim the syslog info from the log line
     grok {
-      match => { "message" => ["%{SYSLOGTIMESTAMP:syslogtimestamp} %{SYSLOGHOST:sysloghostname} %{PROG:syslogprogram}(?:\[%{POSINT:syslogpid}\])?: %{GREEDYDATA:messagenosyslog}"] }
+      match => { "message" => ["%{SYSLOGTIMESTAMP:syslogtimestamp} %{NOTSPACE:sysloghostname} %{PROG:syslogprogram}(?:\[%{POSINT:syslogpid}\])?: %{GREEDYDATA:messagenosyslog}"] }
     }
 
 
diff --git a/elkserver/logstash/conf.d/30-redir-apache.conf b/elkserver/logstash/conf.d/30-redir-apache.conf
index 68a5884b..23702702 100644
--- a/elkserver/logstash/conf.d/30-redir-apache.conf
+++ b/elkserver/logstash/conf.d/30-redir-apache.conf
@@ -16,7 +16,7 @@ filter {
 
      # Let's first trim the syslog-like info from the log line
     grok {
-      match => { "message" => [ "\[%{HTTPDATE:redirtraffic.timestamp}\] (%{SYSLOGHOST:sysloghostname}|-) %{PROG:syslogprogram}(?:\[%{POSINT:syslogpid}\]): %{GREEDYDATA:messagenosyslog}" ] }
+      match => { "message" => [ "\[%{HTTPDATE:redirtraffic.timestamp}\] (%{NOTSPACE:sysloghostname}|-) %{PROG:syslogprogram}(?:\[%{POSINT:syslogpid}\]): %{GREEDYDATA:messagenosyslog}" ] }
     }
 
     # now matching the real Apache log lines. We have several log line formats we need to match:
diff --git a/elkserver/logstash/conf.d/40-redir-nginx.conf b/elkserver/logstash/conf.d/40-redir-nginx.conf
index 1440d6be..c90e41f3 100644
--- a/elkserver/logstash/conf.d/40-redir-nginx.conf
+++ b/elkserver/logstash/conf.d/40-redir-nginx.conf
@@ -16,7 +16,7 @@ filter {
 
      # Let's first trim the syslog-like info from the log line
     grok {
-      match => { "message" => [ "\[%{HTTPDATE:redirtraffic.timestamp}\] (%{SYSLOGHOST:sysloghostname}|-) %{PROG:syslogprogram}(?:\[%{POSINT:syslogpid}\]): %{GREEDYDATA:messagenosyslog}" ] }
+      match => { "message" => [ "\[%{HTTPDATE:redirtraffic.timestamp}\] (%{NOTSPACE:sysloghostname}|-) %{PROG:syslogprogram}(?:\[%{POSINT:syslogpid}\]): %{GREEDYDATA:messagenosyslog}" ] }
     }
 
     # now matching the real Apache log lines. We have several log line formats we need to match: