diff --git a/package/etc/context_templates/splunk_metadata.csv.example b/package/etc/context_templates/splunk_metadata.csv.example
index f88c5ae..0369abe 100644
--- a/package/etc/context_templates/splunk_metadata.csv.example
+++ b/package/etc/context_templates/splunk_metadata.csv.example
@@ -84,7 +84,7 @@ ubiquiti_unifi_fw,index,netfw
 ubiquiti_unifi_link,index,netops
 ubiquiti_unifi_sudo,index,netops
 ubiquiti_unifi_switch,index,netops
-ubiquiti_unifi_threat,index,netidss
+ubiquiti_unifi_threat,index,netids
 ubiquiti_unifi_wireless,index,netops
 vmware_esx,index,main
 vmware_nsx,index,main
diff --git a/package/sbin/entrypoint.sh b/package/sbin/entrypoint.sh
index 8831369..803c5af 100755
--- a/package/sbin/entrypoint.sh
+++ b/package/sbin/entrypoint.sh
@@ -46,12 +46,12 @@ if [ -f /opt/syslog-ng/etc/conf.d/local/context/splunk_index.csv ]; then
 LEGACY_SPLUNK_INDEX_FILE=/opt/syslog-ng/etc/conf.d/local/context/splunk_index.csv
 fi
 # Add new entries
-awk '{print $0}' ${LEGACY_SPLUNK_INDEX_FILE} /opt/syslog-ng/etc/conf.d/local/context/splunk_metadata.csv /opt/syslog-ng/etc/conf.d/local/context/splunk_metadata.csv.example | grep -v '^#' | sort -b -t ',' -k1,2 -u > /opt/syslog-ng/etc/conf.d/local/context/splunk_metadata.csv
+awk '{print $0}' ${LEGACY_SPLUNK_INDEX_FILE} /opt/syslog-ng/etc/conf.d/local/context/splunk_metadata.csv /opt/syslog-ng/etc/context_templates/splunk_metadata.csv.example | grep -v '^#' | sort -b -t ',' -k1,2 -u > /opt/syslog-ng/etc/conf.d/local/context/splunk_metadata.csv
 # We don't need this file any longer
-rm -f /opt/syslog-ng/etc/context_templates/splunk_index.csv.example || true
-rm -f /opt/syslog-ng/etc/context_templates/splunk_metadata.csv.example || true
+rm -f /opt/syslog-ng/etc/conf.d/local/context/splunk_index.csv.example || true
 if [ -f /opt/syslog-ng/etc/conf.d/local/context/splunk_index.csv ]; then
- mv /opt/syslog-ng/etc/conf.d/local/context/splunk_index.csv /opt/syslog-ng/etc/conf.d/local/context/splunk_index.deprecated
+ cp -f /opt/syslog-ng/etc/conf.d/local/context/splunk_index.csv /opt/syslog-ng/etc/conf.d/local/context/splunk_index.deprecated
+ rm /opt/syslog-ng/etc/conf.d/local/context/splunk_index.csv
 fi
 cp --verbose -R -f /opt/syslog-ng/etc/local_config/* /opt/syslog-ng/etc/conf.d/local/config/
 mkdir -p /opt/syslog-ng/var/log
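Review bot: The new `awk … | grep -v '^#' | sort -b -t ',' -k1,2 -u > /opt/syslog-ng/etc/conf.d/local/context/splunk_metadata.csv` line still names splunk_metadata.csv as an input while the same pipeline's `>` redirection truncates it, so the operator's existing entries can be emptied before awk reads them and the file ends up rebuilt from the legacy file and the template only. Judging by rows such as `ubiquiti_unifi_threat,index,netids`, this CSV appears to decide which Splunk index each source lands in, so a lost override would quietly send events to the template default index. Sorting into a temporary file first avoids the overlap: `tmp=$(mktemp) && awk … | grep -v '^#' | sort -b -t ',' -k1,2 -u > "$tmp" && cp -f "$tmp" /opt/syslog-ng/etc/conf.d/local/context/splunk_metadata.csv; rm -f "$tmp"`. In the same hunk, the `cp -f` followed by an unconditional `rm` would be safer as `cp -f … && rm …`, so splunk_index.csv is only removed once the `.deprecated` copy exists. The script continues outside this hunk, so whether `set -e` already covers that case is not visible here.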